Authorizing Report Server Access Through Role Assignments

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

Reporting Services provides a role-based authorization model to control access to report server content and operations. In Reporting Services, all roles can be modified, including the predefined roles that are configured during setup. You can rename the predefined role definitions or replace them with custom definitions.

Roles are defined for system-level and item-level security. Item-level roles are used to grant access to items stored on a report server. System-level roles are used to grant access to items and operations that are available throughout a report server site (for example, shared schedules).

To manage security effectively, use predefined roles and permission inheritance to minimize the number of security policies, and then follow the principle of "setting security by exception," (that is, change or add security to accommodate special cases, but not otherwise).

To configure security for Reporting Services, you create role assignments for securable items on the report server as follows:

  1. Navigate to the item that you want to secure. You can secure folders in the folder hierarchy; child items inherit their parent's security.
  2. Create a role assignment that specifies a user or group account.
  3. Assign to that user or group a role that contains the set of tasks that can be performed.

Because role-based security is context-sensitive, you must navigate to a specific item, such as a folder or a report, before you create a role assignment.

For specific instructions about creating role assignments, see How to: Set Permissions on Report Server Items (Management Studio) and How to: Modify or Delete a Role Assignment (Report Manager).

Topic Description

Securing Reports and Resources

Set security for specific reports or resources.

Securing Models

Set security for specific report models.

Securing Folders

Set security for specific folders.

Securing My Reports

Set security for My Reports.

Role Assignments for Report Builder Access

Control access to ad hoc reporting functionality available through Report Builder.

Securing Shared Data Source Items

Set security for shared data sources.

Creating, Modifying, and Deleting Role Definitions

Create role definitions that describe access for particular classes of users.

Creating, Modifying, and Deleting Role Assignments

Add users or modify access for current users.

Setting System-Level Security

Change system level security.