File: docs/reporting-services/security/granting-permissions-on-a-native-mode-report-server.md
Lines changed: 50 additions & 49 deletions
Original file line number
Diff line number
Diff line change
@@ -27,54 +27,55 @@ caps.latest.revision: 60
27
27
author: "guyinacube"
28
28
ms.author: "asaxton"
29
29
manager: "erikre"
30
+
ms.workload: "On Demand"
30
31
---
31
32
# Granting Permissions on a Native Mode Report Server
32
-
SQL Server [!INCLUDE[ssRSnoversion](../../includes/ssrsnoversion-md.md)] uses role-based authorization and an authentication subsystem to determine who can perform operations and access items on a report server. Role-based authorization categorizes into roles the set of actions that a user or group can perform. Authentication is based on built-in Windows Authentication or a custom authentication module that you provide. You can use predefined or custom roles with either authentication type.
33
-
34
-
## Using Roles to Grant Report Server Access
35
-
All users interact with a report server within the context of a role that defines a specific level of access. [!INCLUDE[ssRSnoversion](../../includes/ssrsnoversion-md.md)] includes predefined roles that you can assign to users and groups to provide immediate access to a report server. **ContentManager**, **Publisher**, and **Browser** are examples of predefined roles. Each role defines a collection of related tasks. For example, a **Publisher** has permission to add reports and create folders for storing those reports.
36
-
37
-
Role assignments are typically inherited from a parent node, but you can break permission inheritance by creating a new role assignment for a particular item. A user who is a member of the **Content Manager** role for one report may be a member of the **Browser** role for another report.
38
-
39
-
To grant access to report server items and operations, follow these guidelines:
40
-
41
-
1. Review the predefined roles to determine whether you can use them as is. If you need to adjust the tasks or define additional roles, you should do this before you begin assigning users to specific roles. For more information about each role, see [Predefined Roles](../../reporting-services/security/role-definitions-predefined-roles.md).
42
-
43
-
2. Identify which users and groups require access to the report server, and at what level. Most users should be assigned to the **Browser** role or the **Report Builder** role. A smaller number of users should be assigned to the **Publisher** role. Very few users should be assigned to **Content Manager**.
44
-
45
-
3. Use Report Manager to assign roles on the Home folder (this is the top-level folder of the report server folder hierarchy) for each user or group who requires access.
46
-
47
-
4. At the site level, on the Site Settings page in Report Manager, create a system-level role assignment for each user and group using the predefined roles **System User** and **System Administrator**.
48
-
49
-
5. Create additional role assignments as needed for specific folders, reports, and other items. Avoid creating a large number of role assignments. If you create too many, it will be difficult to keep track of the different permission levels for each user.
50
-
51
-
> [!NOTE]
52
-
> If you configured a report server to run in SharePoint integrated mode, you must set permissions on the SharePoint site to grant access to report server items. For more information, see [Granting Permissions on Report Server Items on a SharePoint Site](../../reporting-services/security/granting-permissions-on-report-server-items-on-a-sharepoint-site.md).
53
-
54
-
## Who Sets Permissions
55
-
Initially, only users who are members of the local administrators group can access a report server. [!INCLUDE[ssRSnoversion](../../includes/ssrsnoversion-md.md)] is installed with two default role assignments that grant item-level and system-level access to members of the local administrators group. These built-in role assignments local Administrators to grant report server access to other users and manage report server items. The built-in role assignments cannot be deleted. A local administrator always has permission to fully manage a report server instance.
56
-
57
-
Because full permissions on a report server include item-level and system-level permissions, a local administrator is assigned to the following roles:
58
-
59
-
Additional configuration is required before you can administer a report server instance on a local computer that runs Windows Vista or Windows Server 2008. For more information, see [Configure a Native Mode Report Server for Local Administration (SSRS)](../../reporting-services/report-server/configure-a-native-mode-report-server-for-local-administration-ssrs.md).
60
-
61
-
## How Permissions are Stored
62
-
Role assignments and definitions are stored in the report server database. If you are using variety of client tools or programmatic interfaces, all access is subject to the permissions that are defined for the report server instance as a whole. If you are configuring multiple report servers in a scale-out-deployment, the role assignments that you define on one instance are stored in a shared database and used by all the other instances in the same scale-out deployment. Because role assignments are stored with the items they secure, you can move the database to another report server instance without losing the permissions you defined.
63
-
64
-
## Tasks and tools for Managing Permissions
65
-
Use the following tools to manage role definitions and assignments.
66
-
67
-
|Tool|Tasks|
68
-
|----------|-----------|
69
-
|Management Studio - Used to view, modify, create, and delete role definitions.|[Create, Delete, or Modify a Role (Management Studio)](../../reporting-services/security/role-definitions-create-delete-or-modify.md)|
70
-
|Report Manager - Used to assign users and groups to roles.|[Grant User Access to a Report Server (Report Manager)](../../reporting-services/security/grant-user-access-to-a-report-server-report-manager.md)<br /><br /> [Modify or Delete a Role Assignment (Report Manager)](../../reporting-services/security/role-assignments-modify-or-delete.md)|
[Granting Permissions on Report Server Items on a SharePoint Site](../../reporting-services/security/granting-permissions-on-report-server-items-on-a-sharepoint-site.md)
75
-
[Authentication with the Report Server](../../reporting-services/security/authentication-with-the-report-server.md)
76
-
[Create and Manage Role Assignments](../../reporting-services/security/create-and-manage-role-assignments.md)
77
-
[Reporting Services Security and Protection](../../reporting-services/security/reporting-services-security-and-protection.md)
78
-
[Report Server Content Management (SSRS Native Mode)](../../reporting-services/report-server/report-server-content-management-ssrs-native-mode.md)
79
-
80
-
33
+
SQL Server [!INCLUDE[ssRSnoversion](../../includes/ssrsnoversion-md.md)] uses role-based authorization and an authentication subsystem to determine who can perform operations and access items on a report server. Role-based authorization categorizes into roles the set of actions that a user or group can perform. Authentication is based on built-in Windows Authentication or a custom authentication module that you provide. You can use predefined or custom roles with either authentication type.
34
+
35
+
## Using Roles to Grant Report Server Access
36
+
All users interact with a report server within the context of a role that defines a specific level of access. [!INCLUDE[ssRSnoversion](../../includes/ssrsnoversion-md.md)] includes predefined roles that you can assign to users and groups to provide immediate access to a report server. **ContentManager**, **Publisher**, and **Browser** are examples of predefined roles. Each role defines a collection of related tasks. For example, a **Publisher** has permission to add reports and create folders for storing those reports.
37
+
38
+
Role assignments are typically inherited from a parent node, but you can break permission inheritance by creating a new role assignment for a particular item. A user who is a member of the **Content Manager** role for one report may be a member of the **Browser** role for another report.
39
+
40
+
To grant access to report server items and operations, follow these guidelines:
41
+
42
+
1. Review the predefined roles to determine whether you can use them as is. If you need to adjust the tasks or define additional roles, you should do this before you begin assigning users to specific roles. For more information about each role, see [Predefined Roles](../../reporting-services/security/role-definitions-predefined-roles.md).
43
+
44
+
2. Identify which users and groups require access to the report server, and at what level. Most users should be assigned to the **Browser** role or the **Report Builder** role. A smaller number of users should be assigned to the **Publisher** role. Very few users should be assigned to **Content Manager**.
45
+
46
+
3. Use Report Manager to assign roles on the Home folder (this is the top-level folder of the report server folder hierarchy) for each user or group who requires access.
47
+
48
+
4. At the site level, on the Site Settings page in Report Manager, create a system-level role assignment for each user and group using the predefined roles **System User** and **System Administrator**.
49
+
50
+
5. Create additional role assignments as needed for specific folders, reports, and other items. Avoid creating a large number of role assignments. If you create too many, it will be difficult to keep track of the different permission levels for each user.
51
+
52
+
> [!NOTE]
53
+
> If you configured a report server to run in SharePoint integrated mode, you must set permissions on the SharePoint site to grant access to report server items. For more information, see [Granting Permissions on Report Server Items on a SharePoint Site](../../reporting-services/security/granting-permissions-on-report-server-items-on-a-sharepoint-site.md).
54
+
55
+
## Who Sets Permissions
56
+
Initially, only users who are members of the local administrators group can access a report server. [!INCLUDE[ssRSnoversion](../../includes/ssrsnoversion-md.md)] is installed with two default role assignments that grant item-level and system-level access to members of the local administrators group. These built-in role assignments local Administrators to grant report server access to other users and manage report server items. The built-in role assignments cannot be deleted. A local administrator always has permission to fully manage a report server instance.
57
+
58
+
Because full permissions on a report server include item-level and system-level permissions, a local administrator is assigned to the following roles:
59
+
60
+
Additional configuration is required before you can administer a report server instance on a local computer that runs Windows Vista or Windows Server 2008. For more information, see [Configure a Native Mode Report Server for Local Administration (SSRS)](../../reporting-services/report-server/configure-a-native-mode-report-server-for-local-administration-ssrs.md).
61
+
62
+
## How Permissions are Stored
63
+
Role assignments and definitions are stored in the report server database. If you are using variety of client tools or programmatic interfaces, all access is subject to the permissions that are defined for the report server instance as a whole. If you are configuring multiple report servers in a scale-out-deployment, the role assignments that you define on one instance are stored in a shared database and used by all the other instances in the same scale-out deployment. Because role assignments are stored with the items they secure, you can move the database to another report server instance without losing the permissions you defined.
64
+
65
+
## Tasks and tools for Managing Permissions
66
+
Use the following tools to manage role definitions and assignments.
67
+
68
+
|Tool|Tasks|
69
+
|----------|-----------|
70
+
|Management Studio - Used to view, modify, create, and delete role definitions.|[Create, Delete, or Modify a Role (Management Studio)](../../reporting-services/security/role-definitions-create-delete-or-modify.md)|
71
+
|Report Manager - Used to assign users and groups to roles.|[Grant User Access to a Report Server (Report Manager)](../../reporting-services/security/grant-user-access-to-a-report-server-report-manager.md)<br /><br /> [Modify or Delete a Role Assignment (Report Manager)](../../reporting-services/security/role-assignments-modify-or-delete.md)|
[Granting Permissions on Report Server Items on a SharePoint Site](../../reporting-services/security/granting-permissions-on-report-server-items-on-a-sharepoint-site.md)
76
+
[Authentication with the Report Server](../../reporting-services/security/authentication-with-the-report-server.md)
77
+
[Create and Manage Role Assignments](../../reporting-services/security/create-and-manage-role-assignments.md)
78
+
[Reporting Services Security and Protection](../../reporting-services/security/reporting-services-security-and-protection.md)
79
+
[Report Server Content Management (SSRS Native Mode)](../../reporting-services/report-server/report-server-content-management-ssrs-native-mode.md)
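Review bot: In "Who Sets Permissions" the re-added text at new line 56, "These built-in role assignments local Administrators to grant report server access to other users", is missing its verb, and the sentence at new line 58, "a local administrator is assigned to the following roles:", is followed by no list, so the page never names the roles that local administrators hold. Since these lines are rewritten in this change anyway, add the verb (for example "allow") and restore the list of roles. Two smaller points in the same re-added text: new line 36 writes **ContentManager** while new lines 38 and 44 write **Content Manager**, and new line 63 reads "using variety of client tools". Apart from the added `ms.workload: "On Demand"` at new line 30, the removed and added lines shown are textually identical, which looks like a whitespace or line-ending rewrite; state that in the commit message or split it out so the metadata change can be reviewed on its own.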