Export (0) Print
Expand All

Predefined Role Assignments

SQL Server 2005

Reporting Services provides default security through role assignments that are configured during setup. These role assignments define access for local administrators. The preset role assignments consist of built-in Windows accounts, roles, and a security context.

The following table summarizes the predefined role assignments.

Built-in group Role Securable item

Administrators

System Administrator Role

System

Administrators

Content Manager Role

Folder hierarchy starting at the Home folder (the root node)

Notice that two role assignments are necessary to provide wide-ranging access to a report server. System-level role assignments support operations that apply to the report server site as a whole. Item-level role assignments provide access to the folder hierarchy. These two security zones are mutually exclusive.

To open a report server to other users, you must create additional role assignments. One option to consider is using built-in accounts such as Everyone (an Internet Information Services account) or Users (a global domain account), and then assign those accounts to roles that provide read-only access to a report server.

The following table shows a combination of roles that are easy to define if you want to provide limited access to a large group of users right away. For step by step instructions, see Server Deployment Checklist.

Built-in group Role Securable item

Everyone

System User Role

System

Everyone

Browser Role

Folder hierarchy starting at the Home folder (the root node)

ms159213.security(en-US,SQL.90).gifSecurity Note:
The built-in Everyone and Users groups include all user accounts that have access to your Web server or that are defined in your domain. If you do not want to provide view-only access to this many users, you should choose different accounts.

When you define role assignments for report users, you should define one for the system and one for the folder hierarchy.

For many organizations, four role assignments can provide adequate access for administrators and the majority of users who require reports and reporting features. However, you can easily add more role assignments to accommodate particular users who have different access requirements. Typically, you will create additional role assignments for folders or reports that relate to specific users or groups; for example, you may want to add role assignments to a group's folders that give individuals in that group the capability to manage those folders and their contents.

If you plan to deploy confidential reports, create role assignments that allow you to stage and test those reports in a secure manner and that allow only authorized users to view them. For more information, see Configuring Security Through Role Assignments.

Community Additions

ADD
Show:
© 2014 Microsoft