Introduction To Role-Based Security In SQL Server Reporting Services

原创 2004年09月29日 12:39:00

There are only two security guarantees after a successful installation of Reporting Services:

1) The Report Manager web application, where you can browse and view reports, will require Windows to authenticate all clients.

2) The only users authorized to use the Report Manager application will be members of the server’s Administrators group (BUILTIN/Administrators).

If you want to get your reporting project off the ground and allow other people in your organization to view reports, you’ll need to add additional groups and users into roles. In this article, we will highlight some basic features of Reporting Services role-based security.

Reporting Services Roles

Reporting Services ships with 6 built-in roles: System Administrator, System User, Browser, Content Manager, My Reports, and Publisher. Placing a Windows user into one of these roles will give the user authorization to perform specific actions with the report manager. For example, a user in the role of Browser can view folders and reports, but not publish new reports. A user in the role of Publisher can create, view, and delete reports, but cannot create new roles. These are the default settings of Reporting Services, which a user in the System Administrator role can modify.

System Administrators

As mentioned earlier, the Reporting Services setup will place the local machine’s Administrators group into the System Administrators role. Since this role is an all-powerful role, you’ll want take care with any modifications you make. A true system administrator will probably also need admin privileges on the server to take care of tasks such as starting and stopping services, so consider adding the person or group into the local administrators group of the server (but think of the ramifications first).

If you want to add additional users or groups to the System Administrators role without adding to the local administrators group, you’ll need to go into the System Role Assignments page. To do this interactively you can navigate to the report manager (http://reportserver/reports, for instance) and click Site Settings in the upper right hand of the screen. Towards the bottom of the Site Settings screen you’ll find three links under a security heading. Click on ‘Configure site-wide security’ to bring yourself to the following screen:


Click on “New Role Assignment” to move to the next screen:


From here you can enter a username, or a group name into the textbox. For machines in a domain, you can prefix the name with the domain name, (DOMAIN/scott, for example). Reporting Services will verify the entry, so don’t worry about spelling mistakes. Select the checkboxes for the role you want to assign. Notice you can also create a new system role, though we will not cover the topic in this article.

Item Level Security

A more common task will be adding users and groups into roles to view reports, or create and manage reports. To perform this task you will first want to navigate to the top most level of the area you want to administer. For example, to give access to the SampleReports folder and all reports underneath SampleReports, navigate to the SampleReports folder (http://reporting/Reports/Pages/Folder.aspx?ItemPath=%2fSampleReports, for example). Click on the Properties tab along the top, then click on the Security link along the side. You should now see a screen similar to the following:


Click “New role assignment”, and enter a group or user name into the textbox shown below:


You can select from the built-in roles shown above, or create a new role. Using the UI you can view the tasks each role has permissions to perform. The security settings you set will flow downwards, that is any folders and reports underneath the SampleReports folder will inherit these settings, so you do not need to repeat this step for each report in the folder. You can break the inheritance by defining a new security policy for a child item.


I hope that this article will give you a jumpstart on managing roles for Reporting Services. I recommend you go to the official documentation for additional reading, as this article serves as only a brief introduction to role-based security in Reporting Services.
By K. Scott Allen

Additional Resources

More SQL Server Reporting Services articles

Using Role-Based Security

通用报表解决方案:SQL Server Reporting Services是什么

SQL Server Reporting Services是什么?     SQL Server Reporting Services(SSRS),微软企业级报表平台,和SQL Server Int...
  • moon66sun
  • moon66sun
  • 2012年03月28日 16:46
  • 1063

安装Reporting Service 2012

安装Reporting Service 2012   MSDN相关内容请参见:
  • albert528108
  • albert528108
  • 2016年09月29日 10:00
  • 1074

SQL Server 2005 升级SP3 Report Service authentication 失败

安装 SQL server 2005 sp3 补丁时 出现“ 您的账户信息未通过验证。按确定可返回身份验证模式,以确定出现该问题的原因。安装程序若要验证您的凭据,则必须可以启动并连接到服务,并且您必须...
  • duck_arrow
  • duck_arrow
  • 2012年07月09日 13:59
  • 979

教程:如何查找并启动 Reporting Services 工具 (SSRS)

本教程介绍了用于配置报表服务器、管理报表服务器内容和操作以及创建并发布分页和移动 Reporting Services 报表的工具。 如果你已经熟悉了这些工具,你可以转到其他教程学习有关使用 Repo...
  • qq_35019337
  • qq_35019337
  • 2017年03月27日 16:12
  • 1011

SQL Server Reporting Services(简称SSRS)

起这一部分主要说说关于SSRS的安装、部署和配置问题。SSRS的安装Reporting Services作为SQL Server的一个组件,自然是要伴随SQL Server一起安装了。目前SQL Se...
  • lanmao100
  • lanmao100
  • 2008年06月20日 14:42
  • 1413

SQLServer2005 Reporting Service 匿名登陆权限设置与访问

Win7只提供了默认的Domain/IUSE用户和IIS_UERS组,除了要设置IIS允许匿名访问外,还需要设置Reporting Services站点的访问权限和SQL Server中数据源的用户访...
  • frank_softworks
  • frank_softworks
  • 2011年09月07日 10:33
  • 4876

SQL Server Reporting Services 远程匿名访问解决办法

SQL Server Reporting Services 并非专门设计用于 Internet 报表部署方案,但是您可以成功地将 Reporting Services 放置于面向 Internet 的...
  • emailqjc
  • emailqjc
  • 2010年09月16日 11:57
  • 5559

Reporting Service部署之访问权限

 SQL Server Reporting Services 并非专门设计用于 Internet 报表部署方案,但是您可以成功地将 Reporting Services 放置于面向 Internet ...
  • zhangzeshuai
  • zhangzeshuai
  • 2009年09月29日 17:15
  • 7386

Reporting Service 和 SQL Server Integration Services 服务不能启动

解决 Reporting Service 和 SQL Server Integration Services 服务不能启动 SetActionAccount.exe 和 rsconfig.exe 命...
  • hadstj
  • hadstj
  • 2013年09月05日 21:23
  • 12982

安装SQL SERVER 2008时如何 解决Reporting Services目录数据库文件存在的问题

SQL Server2008创建system.diagnostics的配置节处理程序时出错解决方案   在安装Sql Server 2008 R2的时候突然报错了,提示信息:   w...
  • lixingshi
  • lixingshi
  • 2014年03月22日 13:51
  • 4261
您举报文章: Introduction To Role-Based Security In SQL Server Reporting Services