Granting Permissions on Report Server Items on a SharePoint Site
Microsoft SharePoint Foundation 2010 provides built-in security features that you can use to grant access to report server items that you access from SharePoint sites and libraries. If you already assigned permissions to users, those same users will have access to report server items and operations immediately after you configure the integration settings between SharePoint Foundation 2010 and a report server. You can use existing permissions to upload report definitions and other documents, view reports, create subscriptions, and manage items.
If you have not assigned permissions or if you are not familiar with the security features in SharePoint Foundation 2010, follow these guidelines:
In the product documentation for SharePoint Foundation 2010, read about the default security settings for the standard SharePoint groups so that you know how to manage permissions and user access.
Review the list of permissions that specifically affect access to report server items and operations. For more information, see Use Built-in Security in Windows SharePoint Services for Report Server Items.
Assign user and group accounts to predefined SharePoint groups.
Optionally, create new permission levels and groups, or modify existing ones to vary server access permissions as specific needs arise.
To use SharePoint Foundation 2010 security features with report server items, you must have a report server that runs in SharePoint integrated mode.
The following list provides a brief introduction to the security features in SharePoint Foundation 2010. For more information, see "Windows SharePoint Help and How-to" on your SharePoint site.
Securable objects include sites, lists, libraries, folders, and documents.
A permission is an authorization to perform a specific task. SharePoint Foundation 2010 provides 33 predefined permissions that you can combine into a permission level.
A permission level is a set of permissions that can be granted to users or SharePoint groups on a securable object such as a site, library, list, folder, item, or document. It is equivalent to a role definition in Reporting Services. There are five predefined permission levels. You can customize them or create new ones if needed.
A SharePoint group is a group of users that you can create on a SharePoint site to manage permissions to the site and to provide an e-mail distribution list for site members. A SharePoint group consists of Windows user and group accounts, or user logins if you are using Forms authentication. SharePoint Foundation 2010 provides three groups. You can customize them or create new ones if needed.
Permission inheritance allows subsites, lists and libraries, and items to inherit the security settings of the parent site. You can use inherited permissions to access report server items that are stored in a SharePoint library. Using permission inheritance and the predefined SharePoint groups can help simplify your deployment and provides immediate access to most report server operations.
The administrator who installs SharePoint Foundation 2010, runs the SharePoint Configuration Wizard, and creates the portal site becomes the default portal site owner. The site owner can set permissions in Central Administration for a farm or a stand-alone SharePoint Web application, and can set permissions at the top-level site for each SharePoint Web application. This person can also designate additional site owners.
At the top-level site of a SharePoint Web application, site collection administrators can set permissions for multiple sites throughout the site hierarchy. Individual site owners can perform the same tasks relative to a subsite.
A server administrator or a site collection administrator can set options that determine whether other site owners can set permissions. Depending on the level of permissions you have, you might not be able to create or customize SharePoint groups or permission levels.
Recommendations in SharePoint Foundation 2010 product documentation suggest that you use standard SharePoint groups (which are <Site name> Owners, <Site name> Members, and <Site name> Visitors) and assign permissions at the site level. Most users that you assign permissions to should be members of the <Site name> Visitors or <Site name> Members groups. Permissions on the parent site are inherited throughout the site hierarchy. You can break permission inheritance for specific items that require additional restrictions.
The standard SharePoint groups have the following predefined permission levels:
The Owners group has Full Control permissions, which enable group members to change the site content, pages, or functionality. Full Control access should be limited to site administrators only.
The Members group has Contribute level permissions, which allow group members to view pages, edit items, submit changes for approval, and add and delete items from a list.
The Visitors group has Read level permissions, which enable group members to view pages, list items, and documents.
The SharePoint groups have permission levels that provide immediate access to many report server operations. If you find that the built-in security settings do not provide the level of access that you need, you can create custom groups or permission levels.
For more information about which report server operations are supported through the default security features, see Use Built-in Security in Windows SharePoint Services for Report Server Items.
To use the built-in security features, you must assign Windows user or group accounts to the SharePoint groups. Except for the server administrator and portal site owner who have automatic access to SharePoint Foundation 2010 when the software is installed, all other users must be granted permissions to access the server.
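After accounts are assigned, the effective grants on a report library can be reviewed against the guidance above: Full Control limited to site administrators, and broken inheritance used only where extra restrictions are needed. The following script is an added example, not part of the original documentation; the site URL, library name, and list of report file extensions are assumptions, and it is meant for the SharePoint 2010 Management Shell on a farm server.

```powershell
# Added example: lists who holds which permission level on a report library and on
# report server items whose permission inheritance has been broken.
param(
    [string]$SiteUrl     = "http://sharepoint.example/sites/reports",  # hypothetical URL
    [string]$LibraryName = "Reports"                                   # hypothetical library
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumed set of report server item types stored in the library.
$reportExtensions = ".rdl", ".rsds", ".smdl"

# Emit one row per (principal, permission level) on a securable object.
function Get-Grants($securable, [string]$scope, [string]$itemName) {
    foreach ($assignment in $securable.RoleAssignments) {
        foreach ($role in $assignment.RoleDefinitionBindings) {
            New-Object PSObject -Property @{
                Scope           = $scope
                Item            = $itemName
                Principal       = $assignment.Member.Name
                PermissionLevel = $role.Name
                # SPRoleType Administrator is the built-in Full Control level.
                FullControl     = ($role.Type -eq [Microsoft.SharePoint.SPRoleType]::Administrator)
            }
        }
    }
}

$web = Get-SPWeb -Identity $SiteUrl
try {
    $list = $web.Lists.TryGetList($LibraryName)
    if ($list -eq $null) { throw "Library '$LibraryName' not found on $SiteUrl" }

    # Library-level grants (inherited from the site unless inheritance was broken).
    $grants = @(Get-Grants $list "Library" $list.Title)

    # Item-level grants, only for report items that no longer inherit from the library.
    # Folders are not enumerated here.
    foreach ($item in $list.Items) {
        $ext = [System.IO.Path]::GetExtension($item.Name).ToLower()
        if (($reportExtensions -contains $ext) -and $item.HasUniqueRoleAssignments) {
            $grants += Get-Grants $item "Item (unique)" $item.Name
        }
    }
    $grants | Sort-Object Scope, Item, Principal |
        Format-Table Scope, Item, Principal, PermissionLevel, FullControl -AutoSize
}
finally { $web.Dispose() }
```

Rows with FullControl set to True for principals other than the Owners group or site administrators, and any "Item (unique)" rows that grant more than the library does, are the ones to review.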