Model Item Security Page (Report Manager)
Use this page to secure parts of a model by granting or revoking read-only permissions on particular items. Model item security affects ad hoc data exploration at run time and the ability to use parts of a published model when creating reports in Report Builder.
Model item security is applied to a model that is processed on the report server and does not affect .smdl files that you edit in Model Designer or use in Report Designer. Furthermore, it has no effect on users who have permission to modify a model definition. Any user who has Content Manager or Publisher permissions on a model can see all parts of it, regardless of whether you apply model item security.
Model items can be further secured through the use of security filters. For more information, see Tutorial: Applying Security Filters to Report Model Items.
You can define model item security on entities, folders, and individual fields within a model. Because a model presents such a large surface of securable items, permission inheritance is built into the model so that you can secure a large number of items through a relatively small number of role assignments. Permission inheritance is based on the following:
Folders or entities
Initially, permission to access to model items is inherited through role assignments that are set on the model itself. A user who has permission to view a model in a folder in Report Manager can view all of the items in the model.
If you apply model item security, you must create at least one role assignment on the root node. This initial role assignment on the root node becomes the new source of inherited permissions. The role assignment on the root node is automatically inherited by all items in the model hierarchy.
To further customize permissions on data exploration, you can vary permissions on folders and entities. Finally, you can set permissions on individual fields.
To make role assignments easier to maintain, set permissions only on folders or entities rather than individual fields. You cannot search for role assignments that you create. If you set security on specific fields and you want to update the security settings later, you must click through the model namespace to find the fields you secured.
To get started, create a role assignment on the root node and then create additional role assignments on entities and folders. To clear model item security, clear the check box for Secure individual model items independently for this model. Clearing the check box reverts back to the initial permissions that are inherited from the model.
To open this page, select a model, click the Properties tab, and then click Model Item Security. To use this feature, you must have Content Manager permissions.