Reporting Services uses role-based security to control access to items that are stored on a report server. When you grant a user access to a report server, you typically do so by creating a pair of role assignments:
At the site level
On Home, which is the root node of the report server folder hierarchy
Security is inherited within the report server folder hierarchy. Creating role assignments at the site level and on the Home folder sets permission inheritance that extends to all items and operations on a report server.
You can override permission inheritance by defining security for individual items. Items that you can secure individually include:
Shared data sources
Other constructs, such as schedules and subscriptions, are not explicitly secured. Schedules and subscriptions operate within the security of a report.
The following table lists securable items and describes their characteristics.
Folder security applies to the folder itself and the items it contains. The Home folder is the root node of the folder hierarchy. Security that you set for this folder establishes the initial security settings for all subordinate folders, reports, resources, and shared data sources in the folder hierarchy. For more information, see Securing Folders.
My Reports is a special-purpose folder that is secured through an implied role assignment based on a dedicated role. For more information, see Securing My Reports.
Reports and linked reports can be secured to control the range of actions that users can perform, such as changing the properties of a given report.
Report history is secured through the report that contains the history. You cannot secure individual snapshots within report history.
For more information about report security, see Securing Reports and Resources.
You can specify role assignment on all or part of a report model. Because report models can be quite extensive, you might want to secure the model items that map to confidential data. For more information, see Securing Models.
Resources can be secured to control access to the resource itself and its properties.
Only stand-alone resources can be secured as separate items. Resources that are embedded within a report cannot be secured separately from that report.
For more information about resource security, see Securing Reports and Resources.
Shared data sources
Shared data sources can be secured to limit access to the item and its property pages. For more information, see Securing Shared Data Source Items.
Shared datasets can be secured to control the range of actions that users can perform, such as viewing or changing the definition, or changing the properties of a given shared dataset.
For more information, see Securing Shared Dataset Items.