SQL Server Reporting Services Roles
You can use the predefined roles in Microsoft SQL Server Reporting Services to assign particular permissions to Team Foundation Server users. Every user and group in Team Foundation Server must be assigned appropriate permissions in Reporting Services. Reporting Services provides default security through role assignments. You can use management tools for SQL Server, such as Management Studio and Report Manager, to assign users and groups to predefined roles.
You can use group membership in Team Foundation Server to determine the appropriate membership in one of the predefined roles in Reporting Services. No additional configuration of the role will be required. However, you can modify predefined roles and add custom roles to better meet your business needs. If you add custom roles or modify predefined roles, you must be sure that the roles have the permissions required for the appropriate level of access to reports and reporting features. For more information, see the following topics on the Microsoft Web site: "Managing Permissions and Security for Reporting Services" for SQL Server 2005 and "Granting Permissions on a Native Mode Report Server" for SQL Server 2008.
The following predefined roles are suggested for use with Team Foundation Server:
For detailed information about pre-defined roles in Reporting Services, see the following topics on the Microsoft Web site: "Predefined Roles Overview" for SQL Server 2005 and "Using Predefined Roles" for SQL Server 2008.
You should restrict membership in Reporting Services to only those users who need the specific level of access and permissions granted by membership in that predefined role. Add a user or group to the predefined role that has the minimum permissions required to complete the user's or group's role within a team project. For example, if a user only needs to view the project schedule, you should add the user to the Browser role but not to the Content Manager role.
The System Administrator role includes permissions that are useful for a report server administrator who has overall responsibility for a report server, but not necessarily for the content within it. The System Administrator role does not convey the full range of permissions that a local administrator might have on a computer. You must add Team Foundation Administrators to both the System Administrator role and the Content Manager role. Together, the two role definitions provide a complete set of permissions required by members of the Team Foundation Administrators group.
The Content Manager role includes permissions that are useful for users who manage reports and Web content but that do not necessarily write reports or manage a Web server or instance of SQL Server. A content manager deploys reports, manages report models and data source connections, and decides how to use reports. The Content Manager role provides the typical range of permissions required by users who belong to the Project Administrators group in a team project. You should also add members of the Team Foundation Administrators group to this role.