Using Built-in Security in Windows SharePoint Services for Report Server Items

Windows SharePoint Services 3.0 provides built-in security features that you can use to access report server items from SharePoint sites and libraries. If you already assigned site and list permissions to users, those same users will have access to report server items and operations immediately after you configure the integration settings between Windows SharePoint Services and a report server.

Securable Items

Permissions that are defined on the site or library can be used to grant access to report server items. However, if you want to secure individual items, you can set permissions on the following content types:

File type

Description

.rdl

A report definition file that defines the report layout and the commands used to retrieve data. A report definition uses data source connection information to retrieve data when the report is processed. If the report definition is an ad hoc report that was created in Report Builder, the report is paired with a report model (.smdl) file that sets the scope on data exploration in the rendered report.

.smdl

A report model file that describes data structures and how they relate. It is used to create and run Report Builder reports.

.rsds

A shared data source file that specifies connection information to an external data source. It is used by report definitions (.rdl) and report model (.smdl) files. Report models always use .rsds files to get connection information to an underlying data source. Report definitions can use .rsds files, or connection information that is defined in data source properties on the report.

Schedules, subscriptions, and report history are not securable items. You can set permissions on the site or library that determine whether a user can create or use schedules, subscriptions, and report history, but you cannot secure those items directly.

To secure individual items, select the item in the library, click the down arrow, and select Manage Permissions. In the Actions menu, select Edit Permissions.

Using built-in groups and permission levels to access report server items

When you use permission inheritance and standard SharePoint groups, you can access most report server operations immediately after you configure integration settings on the report server and Windows SharePoint Services instances.

Windows SharePoint Services provides standard groups that map to predefined permission levels that determine how you access documents and pages on a SharePoint site. If you are using standard groups and default permission levels, and your sites are configured to inherit permissions, you can expect to work with Reporting Services features in the following ways:

SharePoint Groups

Permission level

Summary

Report Server Access

Owners

Full Control

Owners have full permissions to create, manage, and secure report server items and operations.

Set permissions that control access to all report server items stored in libraries throughout the site. Set permissions within a report model (also referred to as model item security). Customize a Report Viewer Web Part. Add reports and other items to libraries. Edit item properties for reports and other documents. Delete reports and other items. View reports, including reports that use report models for data exploration. Set parameters on reports. Set processing options on a report. Generate report models. Create reports in Report Builder. Create and manage shared data sources. Create, change, and delete subscriptions that are owned by any user. Create and manage shared schedules used throughout the site. Create and manage versions of a document, including report history. Download the source file for a report definition or a report model. Replace a report definition, report model, shared data source, or resource (preserving item properties and permissions).

Members

Contribute

Members can create new items and publish items reports and models from design tools to a SharePoint library.

Add reports and other items to libraries. Edit item properties for reports and other documents. Delete reports and other items. View reports, including reports that use report models for data exploration. View past versions of a document, including report history snapshots (requires that a user also has permission to open the report for which report history was created). Set parameters on reports. Set processing options on a report. Generate report models. Create reports in Report Builder. Create and manage shared data sources. Create, change, and delete subscriptions that are owned by the user. Use shared schedules with a subscription. Create and manage versions of a document, including report history. Download the source file for a report definition or a report model. Replace a report definition, report model, shared data source, or resource (preserving item properties and permissions).

Visitors

Read

Visitors can view any reports and create user-owned subscriptions to deliver reports on a regular schedule.

View reports, including reports that use report models for data exploration. Create, change, and delete subscriptions that are owned by the user. Use shared schedules with a subscription. Download the source file for a report definition or a report model.

If you are not using the built-in groups and permission levels, you must include specific permissions in order to access Reporting Services features. For instructions, see Setting Permissions for Report Server Operations in a SharePoint Web Application.