Configuring Security Through Role Assignments
In Reporting Services, all roles can be modified, including the predefined roles that are configured during setup. You can rename the predefined role definitions or replace them with custom definitions. Suppose your organization is already familiar with a set of roles in use for another application, such as System Administrator, Subscriber, Document Administrator, and Document Author. If these roles correspond to how you think users will access a report server, you can apply the more familiar nomenclature to report server role definitions. You can either rename the predefined role definitions or create new role definitions that correspond to the role classification system that you already know.
Note Although you can use any intellectual work or analysis you may have already done for other role-based applications in use at your organization, you cannot import the security constructs into Reporting Services.
This section explains how to modify default security to support additional users, groups, and access requirements. You can change system-level security or item-level security. Configuring security can be summarized into the following steps:
- Navigate to the area or item that you want to secure.
- Create a role assignment that specifies user or group accounts.
- Choose a role for the role assignment that describes how you want users or groups to access the item.
Because role-based security is context sensitive, you must navigate to a specific item, such as a folder or a report, before you create a role assignment.
To manage security effectively, use the default security and supplement it with a minimum set of role assignment that provide access to report users, and then follow the principle of "setting security by exception," (that is, change or add security to accommodate special cases, but not otherwise).
Use the following table to find more information about specific tasks.
|To||See this topic|
|Add users or modify access for current users||Creating, Modifying, and Deleting Role Assignments|
|Change system-level security||Setting System-Level Security|
|Set security for specific items||Navigating Folders in Report Manager|
|Create role definitions that describe access for particular classes of users||Creating, Modifying, and Deleting Role Definitions|