Reporting Services uses role-based security to control access to items that are stored on a report server. When you grant a user access to a report server, you typically do so by creating a pair of role assignments:
At the site level
On Home, which is the root node of the report server folder hierarchy
Security is inherited within the report server folder hierarchy. Creating role assignments at the site level and on the Home folder sets permission inheritance that extends to all items and operations on a report server.
You can override permission inheritance by defining security for individual items. Items that you can secure individually include:
Shared data sources
Other constructs, such as schedules and subscriptions, are not explicitly secured. Schedules and subscriptions operate within the security of a report.
The following table lists securable items and describes their characteristics.
|Folders||Folder security applies to the folder itself and the items it contains. The Home folder is the root node of the folder hierarchy. Security that you set for this folder establishes the initial security settings for all subordinate folders, reports, resources, and shared data sources in the folder hierarchy. For more information, see Secure Folders.
My Reports is a special-purpose folder that is secured through an implied role assignment based on a dedicated role. For more information, see Secure My Reports.
|Reports||Reports and linked reports can be secured to control the range of actions that users can perform, such as changing the properties of a given report.
Report history is secured through the report that contains the history. You cannot secure individual snapshots within report history.
For more information about report security, see Secure Reports and Resources.
|Report models||You can specify role assignment on all or part of a report model. Because report models can be quite extensive, you might want to secure the model items that map to confidential data.|
|Resources||Resources can be secured to control access to the resource itself and its properties.
Only stand-alone resources can be secured as separate items. Resources that are embedded within a report cannot be secured separately from that report.
For more information about resource security, see Secure Reports and Resources.
|Shared data sources||Shared data sources can be secured to limit access to the item and its property pages. For more information, see Secure Shared Data Source Items.|
|Shared datasets||Shared datasets can be secured to control the range of actions that users can perform, such as viewing or changing the definition, or changing the properties of a given shared dataset.
For more information, see Secure Shared Dataset Items.
Granting Permissions on a Native Mode Report Server
Create, Delete, or Modify a Role (Management Studio)
Grant User Access to a Report Server (Report Manager)
Modify or Delete a Role Assignment (Report Manager)