Identity and Access Control (Reporting Services)

Reporting Services provides an authentication subsystem and role-based authorization model. Authentication and authorization models vary depending on whether the report server runs in native mode or SharePoint integrated mode. If the report server is part of a larger deployment of a SharePoint product or technology, SharePoint permissions determine who has access to the report server.

Default authentication is based on Windows Authentication and integrated security. You can change the authentication settings to allow the report server to respond to different authentication requests, or even replace the default security features with a custom authentication extension that you provide.

Authorization is based on roles that you assign to a principle. Each role consists of a set of related tasks, which are in turn composed of related operations. For example, the Manage reports task grants access to the following report server operations: view reports, add report, update report, delete report, schedule report, and update report properties.

In SharePoint integrated mode, authentication and authorization are handled on the SharePoint site, before requests reach the report server. Depending on how you configure authentication, requests from a SharePoint site include a security token or a trusted user name. Permissions that you set for SharePoint users and groups authorize access to report server items that are placed in SharePoint libraries.

Granting Permissions on a Native Mode Report Server

Describes the role-based authorization model that provides access to content and operations.

Granting Permissions on Report Server Items on a SharePoint Site

Explains how SharePoint groups, permission levels, and permissions are used to control access to a report server.

Tutorial: Setting Permissions in Reporting Services

Explains how to create item-level and system role assignments for comprehensive permissions across and throughout a report server site.