Minimum Security and Security Lockouts
Although you can modify the default and custom role assignments, you cannot remove all role assignments, leaving the report server unsecured. At minimum, each report server must have one system role assignment that defines access at the system level, and one item-level role assignment that defines access to the folder hierarchy. You cannot remove all role assignments.
As a precaution against lockout, members of the local Administrators group can always access a report server to change site settings (system role assignments, item-level role definitions, and system-level role definitions) no matter what role assignments are set. If you inadvertently set role assignments in such a way that all users are locked out, a local administrator can always reset security.
Having access to a report server is not the same as having full access to all the reports and the data it contains. To ensure that highly privileged users such as local administrators cannot access confidential reports, you must secure the reports at the data-access level, requiring users to provide credentials to view the report. For more information, see Specifying Credential and Connection Information.