Role Assignments for Report Builder Access

Updated: 14 April 2006

Report Builder is an ad hoc reporting tool that business users can use to create and save reports on a report server. Ad hoc reporting through Report Builder is a powerful feature that you might want to provide only to those users who require it.

To make Report Builder available to specific users or groups, you must define a system-level and item-level role assignment for each user or group who requires access to Report Builder. Use the following guidelines in this topic to create role assignments that provide access to the Report Builder tool and Report Builder reports. For more information about other factors that determine Report Builder availability, see Configuring a Report Server for Report Builder Access.

To use Report Builder to create, modify, and save ad hoc reports, users must have:

  • A system role assignment that includes the "Execute report definitions" task.
    This task allows users to run a report in Report Builder (that is, in a client application that is separate from a report server). Reporting Services includes a predefined System User role that includes this task.
    Creating a system level role assignment is necessary because access to Report Builder does not depend on any single item in the report server folder hierarchy. Both the System User and System Administrator predefined roles include the required task. You can use either one to provide access to Report Builder. If you upgraded from a previous version, you must add the "Execute report definition" task to existing role definitions.
  • An item-level role assignment that includes a predefined Report Builder role.
    This role includes tasks for creating reports, loading reports into Report Builder, viewing and navigating models, and saving reports to a report server.

To view reports that have been saved from Report Builder to the report server, a user must have an item role assignment that allows for viewing reports, such as the Browser role. From a report server security perspective, reports that you create in Report Builder are no different from reports that you create and publish from Report Designer or any third-party tool that generates report definitions. Roles with minimal permissions are sufficient for viewing reports. The predefined Browser role includes all of the tasks a user needs to view a Report Builder report. As with other reports, you can view Report Builder reports in Report Manager, a browser window, or a SharePoint Web part.

To navigate a report using an ad hoc navigation path, a user must have an item role assignment that allows for viewing models. The Browser role includes this task. Users who view Report Builder reports can follow a data navigation path through the report, clicking on data to open a series of temporary drillthrough reports that contain the data of interest. The ability to navigate data in a report is supported through models. You can configure role assignments on the model or on specific model items to determine whether a user can view data in a Report Builder report. For more information, see Securing Models.

To publish and manage the models that are used in Report Builder, a user must have the Publisher role that allows users to upload both reports and models to a report server. The tasks that provide this ability are "Manage reports" and "Manage models". For more information, see Publisher Role.