Share via


Predefined Role Assignments

Reporting Services provides default security through role assignments that are configured during setup. These role assignments define access for local administrators. The preset role assignments consist of built-in Windows accounts, roles, and a security context.

Default Role Assignments for Administrators

The following table summarizes the predefined role assignments.

Built-in group Role Securable item

Administrators

System Administrator Role

System

Administrators

Content Manager Role

Folder hierarchy starting at the Home folder (the root node)

Notice that two role assignments are necessary to provide wide-ranging access to a report server. System-level role assignments support operations that apply to the report server site as a whole. Item-level role assignments provide access to the folder hierarchy. These two security zones are mutually exclusive.

Extending Access to Other Users

To open a report server to other users, you must create additional role assignments. One option to consider is using built-in accounts such as Everyone (an Internet Information Services account) or Users (a global domain account), and then assign those accounts to roles that provide read-only access to a report server.

The following table shows a combination of roles that are easy to define if you want to provide limited access to a large group of users right away. For step by step instructions, see Server Deployment Checklist.

Built-in group Role Securable item

Everyone

System User Role

System

Everyone

Browser Role

Folder hierarchy starting at the Home folder (the root node)

ms159213.security(en-US,SQL.90).gifSecurity Note:
The built-in Everyone and Users groups include all user accounts that have access to your Web server or that are defined in your domain. If you do not want to provide view-only access to this many users, you should choose different accounts.

When you define role assignments for report users, you should define one for the system and one for the folder hierarchy.

For many organizations, four role assignments can provide adequate access for administrators and the majority of users who require reports and reporting features. However, you can easily add more role assignments to accommodate particular users who have different access requirements. Typically, you will create additional role assignments for folders or reports that relate to specific users or groups; for example, you may want to add role assignments to a group's folders that give individuals in that group the capability to manage those folders and their contents.

If you plan to deploy confidential reports, create role assignments that allow you to stage and test those reports in a secure manner and that allow only authorized users to view them. For more information, see Configuring Security Through Role Assignments.

See Also

Tasks

How to: Create, Delete, or Modify a Role Assignment (Management Studio)
How to: Create, Delete, or Modify a System Role Assignment (Report Manager)
How to: Create, Delete, or Modify a Role (Management Studio)
How to: Create, Delete, or Modify a Role (Report Manager)

Concepts

Creating, Modifying, and Deleting Role Assignments
Role Assignments
Securable Items
Predefined Roles Overview
Using Default Security
Managing Permissions and Security for Reporting Services

Help and Information

Getting SQL Server 2005 Assistance