How to: Grant User Access to a Report Server (Report Manager)
Reporting
Services uses role-based security to grant user access to a report
server. On a new report server installation, only users who are members
of the local Administrators group have permissions to report server
content and operations. To make the report server available to other
users, you must create role assignments that map user or group accounts
to a predefined role that specifies a collection of tasks.
For a report server that is configured for native mode, use Report Manager to assign users to a role. There are two types of roles:
For a report server that is configured for native mode, use Report Manager to assign users to a role. There are two types of roles:
- Item-level roles are used to view, add, and manage report server content, subscriptions, report processing, and report history. Item-level role assignments are defined on the root node (the Home folder) or on specific folders or items farther down the hierarchy.
- System-level
roles grant access to site-wide operations that are not bound to any
specific item. Examples include using Report Builder and using shared
schedules.
The two types of roles complement each other and should be used together. For this reason, adding a user to a report server is a two-part operation. If you assign a user to an item-level role, you should also assign them to a system-level role. When assigning a user to a role, you must select a role that is already defined. To create, modify, or delete roles, use SQL Server Management Studio. For more information, see How to: Create, Delete, or Modify a Role (Management Studio).
Review the following list before adding users to a native mode report server.
- You must be a member of the local Administrators group on the report server computer. If you are deploying Reporting Services on Windows Vista or Windows Server 2008, additional configuration is required before you can administer a report server locally. For more information, see How to: Configure a Report Server for Local Administration on Windows Vista and Windows Server 2008 (UAC).
- To delegate this task to other users, create role assignments that map user accounts to Content Manager and System Administrator roles. Users who have Content Manager and System Administrator permissions can add users to a report server.
- In SQL Server Management Studio, view the predefined roles for System Roles and User Roles so that you are familiar with the kinds of tasks in each role. Task descriptions are not visible in Report Manager, so you will want to be familiar with the roles before you begin adding users.
- Optionally, customize the roles or define additional roles to include the collection of tasks that you require. For example, if you plan to use custom security settings for individual items, you might want to create a new role definition that grants view-access to folders. For more information, see Tutorial: Setting Permissions in Reporting Services.
To add a user or group to a system role
- Start Report Manager.
- Click Site Settings.
- Click Security.
- Click New Role Assignment.
- In Group or user name, enter a Windows domain user or group account in this format: <domain>\<account>. If you are using forms authentication or custom security, specify the user or group account in the format that is correct for your deployment.
- Select a system role, and then click OK.
Roles are cumulative, so if you select both System Administrator and System User, a user or group will be able to perform the tasks in both roles. - Repeat to create assignments for additional users or groups.
To add a user or group to an item role
- Start Report Manager and locate the report item for which you want to add a user or group.
- Hover over the item, and click the drop-down arrow.
- In the drop-down menu, click Security.
- Click New Role Assignment.
Note If an item currently inherits security from a parent item, click Edit Item Security in the toolbar to change the security settings. Then click New Role Assignment. - In Group or user name, enter a Windows domain user or group account in this format: <domain>\<account>. If you are using forms authentication or custom security, specify the user or group account in the format that is correct for your deployment.
- Select one or more role definitions that describe how the user or group should access the item, and then click OK.
- Repeat to create assignments for additional users or groups.