Configuring Security Through Role Assignments

In Reporting Services, all roles can be modified, including the predefined roles that are configured during setup. You can rename the predefined role definitions or replace them with custom definitions. Suppose your organization is already familiar with a set of roles in use for another application, such as System Administrator, Subscriber, Document Administrator, and Document Author. If these roles correspond to how you think users will access a report server, you can apply the more familiar nomenclature to report server roles. You can either rename the predefined roles or create new role definitions that correspond to the roles that you already know.


Although you can use any intellectual work or analysis you may have already done for other role-based applications in use at your organization, you cannot import the security constructs into Reporting Services.

This section explains how to modify default security to support additional users, groups, and access requirements. You can change system-level security or item-level security.

To manage security effectively, use the default security and supplement it with a minimum set of role assignment that provide access to report users, and then follow the principle of "setting security by exception," (that is, change or add security to accommodate special cases, but not otherwise).

Security Configuration Process

To configure security for Reporting Services, you create role assignments for securable items on the report server as follows:

  1. Navigate to the item that you want to secure. You can secure folders in the folder hierarchy; child items inherit their parent's security.
  2. Create a role assignment that specifies a user or group account.
  3. Choose a role that describes how you want that user or group to access the item.

Because role-based security is context-sensitive, you must navigate to a specific item, such as a folder or a report, before you create a role assignment.

For specific instructions about creating role assignments, see How to: Create, Delete, or Modify a Role Assignment (Management Studio) and How to: Create, Delete, or Modify a System Role Assignment (Report Manager).

In This Section

Topic Description

Securing Reports and Resources

Set security for specific reports or resources.

Securing Models

Set security for specific report models.

Securing Folders

Set security for specific folders.

Securing My Reports

Set security for My Reports.

Role Assignments for Report Builder Access

Control access to ad hoc reporting functionality available through Report Builder.

Securing Shared Data Source Items

Set security for shared data sources.

Creating, Modifying, and Deleting Role Definitions

Create role definitions that describe access for particular classes of users.

Creating, Modifying, and Deleting Role Assignments

Add users or modify access for current users.

Setting System-Level Security

Change system level security.

See Also


How to: Create, Delete, or Modify a Role Assignment (Management Studio)
How to: Create, Delete, or Modify a System Role Assignment (Report Manager)
How to: Create, Delete, or Modify a Role (Management Studio)
How to: Create, Delete, or Modify a Role (Report Manager)


Managing Permissions and Security for Reporting Services
Securing Reporting Services
Tasks and Permissions in Reporting Services

Help and Information

Getting SQL Server 2005 Assistance