Lesson 1: Setting System-level Permissions on a Report Server
New: 17 July 2006
You can define system-level role assignments to grant access to global tasks and permissions that apply to a report server site as a whole. Each user who requires access to a report server should have a system-level role assignment. You can use the predefined roles that Reporting Services provides to create the assignments:
- Assign the System Administrator role to a small number of users who require elevated permissions on a report server, including the ability to manage permissions and roles, set defaults, manage ongoing report processes, and create shared schedules. For more information about the complete collection of system-level tasks, see System Administrator Role.
- Assign the System User role to all other users. This role allows users to view server properties, select shared schedules, and access Report Builder. If you have a domain group account that defines permissions for a large number of users, you should assign that account to the System User role. For more information about the tasks in the System User role, see System User Role.
If you upgraded from SQL Server 2000, the System Administrator and System User roles are missing the tasks that allow access to Report Builder. If you want to use Report Builder, you must add the tasks to the existing roles. To learn how, see Updating Role-Based Security for Report Builder Access.
To define role assignments, you must have sufficient permissions. On a new installation of Reporting Services, you must be a member of the local Administrators group to create role assignments.
To create a system-level role assignment
If necessary, log on as a local administrator.
Start Management Studio and connect to a report server.
Expand the report server node to view the folder hierarchy. You should see a folder structure similar to the following diagram:
Right-click the server node and select Properties. The Server Properties dialog box opens.
Click Permissions. The permissions page shows the current system-level role assignments. On a new report server installation, only the BUILTIN\Administrators group has a system-level role assignment that maps to the System Administrator role. You will use this page to add two new role assignments: one for a large group of users who need only minimal site-level permissions, and one for a small number of users who have content management responsibilities. The following diagram shows the permission page with the system role assignment for the built-in Administrators group:
Click the Add Group or User button.
Type the name of a domain group account that includes all of the users who require permissions to view and publish content. Specify the account in this format: domain\group. The account should be in the same domain or in a trusted domain. If you do not have a domain group that fits this description, you can specify individual domain user accounts instead.
Click OK to close the Add Group or User dialog box.
On the permissions page, select the System User role for the new group you just added.
Add another group or individual by clicking Add Group or User again.
Type the name of a domain user account for a user who has administrative responsibilities for this report server. Specify the account in this format: domain\user. The account should be in the same domain as the report server or in a trusted domain.
Click OK to close the Add Group or User dialog box.
On the permissions page, select the System Administrator role for the new user you just added. You can add more users or groups in this way and select which roles to apply. The following diagram provides an illustration of how the page might look after you add several users:
Click OK to save the role assignments.
Next Steps
You have successfully created a system-level role assignment that grants minimal system-level permissions to a domain group account and administrative permissions to a specific user account. If users were to access Report Manager now, they would see the global toolbar and menu commands, but no content.
Next, you will create two item-level role assignments that allow the same group and user to access folders, reports, shared data sources, report models, and resources on the report server. See Lesson 2: Setting Item-level Permissions on a Report Server.
See Also
Tasks
Tutorial: Reporting Services Tools
Tutorial: Setting Permissions in Reporting Services
Other Resources
Managing Permissions and Security for Reporting Services
Predefined Role Assignments
How to: Register and Connect to a Report Server (Management Studio)
How to: Start Report Manager (Report Manager)
How to: Register and Connect to a Report Server (Management Studio)