TechNet
Export (0) Print
Expand All

Compare Roles and Tasks in Reporting Services to SharePoint Groups and Permissions

 

Applies To: SQL Server 2016

This topic compares role and task based authorization features in Reporting Services native mode to the security features in SharePoint products. This topic compares terminology and characteristics of roles, tasks, SharePoint groups, permission levels, and permissions.

Applies to:

 Reporting Services SharePoint mode | SharePoint 2010 and SharePoint 2013

 Reporting Services Native mode

In this topic:

Native mode: The Reporting Services native mode permission objects (roles and tasks) are created in SQL Server Management Studio and configured for individual users in Report Manager.

SharePoint mode: Reporting Services SharePoint mode utilizes the SharePoint permission features. SharePoint groups and permissions are managed from the following the Site Settings page.

The following table compares permission related objects and concepts between Reporting Services native mode and SharePoint.

Reporting Services Native modeSharePoint
Role: For example “Content Manager”.Group: For example the default “Viewers” group.
---Permission level group: For example “View Only” for the “Viewers” group.
Tasks: for example “Manage Reports”.Permissions: For example, within the “View Only” group there are list related permissions of view items, view versions, and view application pages.

For more information on SharePoint permissions, see Permission levels and permissions and Determine permission levels and groups in SharePoint 2013.

The following table compares the predefined role definitions in Reporting Services in native mode to standard SharePoint groups. If the SharePoint groups do not match the specific role that you want, you can create a custom group and assign permission levels in SharePoint.

Note: The default SharePoint groups available depend on the site template used to create the SharePoint site.

Reporting Services RoleSharePoint Groups
Browser

View
Use the Visitors group to grant permissions to view reports. The Visitors group has Read level permissions, which enables group members to view pages, list items, and documents.
Content Manager

Full permissions to all items and item-level operations, including permissions to set security.
Use the Owners group to grant full control over managing report server items on a SharePoint site. The Owners group has Full Control permissions, which enable group members to make changes to the site content, pages, or functionality. Full Control access should be limited to site administrators only.
My ReportsThere is no equivalent group. My Reports is not supported for a report server that runs in SharePoint mode. You can use the My Site features in Windows SharePoint Services if you want to use equivalent functionality.
Publisher

Add, update, view, and delete reports, report models, shared data sources, and resources.
Use the Members group to grant permissions to add items, edit items, and update references to dependent items on a SharePoint site. The Members group has Contribute level permissions, which allow group members to view pages, add and update items, and submit changes for approval.
Report Builder

View reports, self-manage individual subscription, and open reports in Report Builder.
There is no predefined out of the box permission level or SharePoint group that is equivalent to the Report Builder report definition. By default, users who belong to the Members group or Owners group have permission to use Report Builder. If you want to make Report Builder available to more users, you should create custom security settings to provide a level of permission that is similar to what the Report Builder role provides. For more information, see Set Permissions for Report Server Items on a SharePoint Site (Reporting Services in SharePoint Integrated Mode).
-Use the Viewers group to grant permissions to view rendered reports. The Viewers group cannot download or view the contents of report items.

 Note: Starting in SQL Server 2012 Reporting Services, the Viewers group does not have permissions to create subscriptions.
System User and System AdministratorThese roles are not necessary for a report server that runs in SharePoint mode. System User and System Administrator correspond to SharePoint farm or Web application level permissions. The report server does not provide any functionality that requires authorization at that level.

The following table compares Reporting Services Native mode tasks to SharePoint permissions. The Type column indicates if the Native mode task is related to a system role or standard role and items. System roles manage permissions on a system level, for example shared schedules.

Native mode taskRole TypeEquivalent SharePoint Permission
Consume reportsItemEdit Items, View Items.
Create linked reportsItemNot supported.
Manage all subscriptionsItemManage Alerts.
Manage data sourcesItemAdd items, Edit Items, Delete Items, View Items.
Manage foldersItemAdd items, Edit Items, Delete Items, View Items.
Manage individual subscriptionsItemEdit Items

Prior to SQL Server 2012, the required permission level was Create alerts.
Manage modelsItemAdd items, Edit Items, Delete Items, View Items.
Manage report historyItemEdit Items, View Versions, Delete Versions.
Manage reportsItemAdd items, Edit Items, Delete Items, View Items.
Manage resourcesItemAdd items, Edit Items, Delete Items, View Items.
Set security for individual itemsItemManage permissions
View data sourcesItemView Items.
View foldersItemView Items.
View modelsItemView Items.
View reportsItemView Items.
View resourcesItemView Items.
Execute report definitionsSystemView items.
Generate eventsSystemManage Web Site.
Manage jobsSystemNone (not supported).
Manage report server propertiesSystemNone (not applicable). The report server does not control whether a user has permission to view integration settings in Central Administration.
Manage rolesSystemManage Permissions.
Manage shared schedulesSystemManage Web Site, Open.
Manage report server securitySystemNone (not applicable). The report server does not use system-level role assignments on a server that runs in SharePoint integrated mode.
View report server propertiesSystemNone (not applicable). The report server does not control whether a user has permission to view integration settings in Central Administration.
View shared schedulesSystemOpen Items.

Set Permissions for Report Server Items on a SharePoint Site (Reporting Services in SharePoint Integrated Mode)
Set Permissions for Report Server Operations in a SharePoint Web Application
Granting Permissions on Report Server Items on a SharePoint Site
Role Definitions
Predefined Roles

Community Additions

ADD
Show:
© 2016 Microsoft