Customizing Role Definitions

A role definition is a named collection of tasks that specifies what a user is allowed to do with a folder, report, or other item. Role definitions can contain either item-level or system-level tasks. You cannot combine tasks from both levels into a single role definition.

Reporting Services includes several predefined roles to accommodate various categories of users. You can create additional roles if the predefined roles are insufficient. You can modify or delete either the predefined roles or the custom roles you create, as long as you do not invalidate the last remaining role assignment for your report server.

Because the number of tasks that you can work with is relatively small, you typically do not need a large number of role definitions. Creating or modifying a role definition requires careful consideration. If you create too many roles, they become difficult to maintain and manage. If you modify an existing role, you may not know which role assignments use it or how users will be affected by the modification. Role-based security is central to the security model of Reporting Services, and understanding its implications is important. For more information, see Role Definitions and Role Assignments.

Creating a Role Definition

Creating a role definition consists of providing a name and choosing a set of tasks for the definition. To create a role definition, you must have permission to do so. The "Set security for individual items" task provides these permissions. By default, administrators and users who are assigned to the predefined Content Manager role can perform this task.

A role must have a unique name. To be valid, the role definition must contain at least one task. For more information, see Tasks and Permissions.

To create a role definition, use SQL Server Management Studio. For more information, see How to: Create, Delete, or Modify a Role (Management Studio).

After you create a role definition, you can use it by selecting it in a role assignment. For more information, see How to: Grant User Access to a Report Server (Report Manager).

Modifying or Deleting a Role Definition

You can modify a role definition by adding or removing tasks. You cannot rename it. Any changes you make are applied immediately to all role assignments that include the role definition.
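
Because a change reaches every role assignment that uses the role at once, it helps to list those assignments before editing. The script below is an added example, not part of the original documentation: it assumes Windows PowerShell 5.1 (for New-WebServiceProxy), the ReportService2005 SOAP endpoint, and a placeholder server URL, and it reports each item-level and system-level assignment that grants the named role.

```powershell
# Added example. Assumptions: Windows PowerShell 5.1, ReportService2005 endpoint,
# caller is allowed to read security policies. URL below is a placeholder.
param(
    [string]$ReportServerUrl = 'http://reportserver.example/ReportServer',
    [string]$RoleName        = 'Content Manager'   # role definition you plan to modify
)

$rs = New-WebServiceProxy -Uri "$ReportServerUrl/ReportService2005.asmx?wsdl" `
                          -UseDefaultCredential

# Root folder plus every folder, report, and other item beneath it.
$paths = @('/') + @($rs.ListChildren('/', $true) | ForEach-Object { $_.Path })

$itemLevel = foreach ($path in $paths) {
    $inherit  = $false
    $policies = $rs.GetPolicies($path, [ref]$inherit)

    # Items that inherit security are covered by the parent that defines the policy.
    if ($inherit) { continue }

    foreach ($policy in $policies) {
        if ($policy.Roles.Name -contains $RoleName) {
            [pscustomobject]@{
                Scope     = 'Item'
                Path      = $path
                Principal = $policy.GroupUserName
                Roles     = $policy.Roles.Name -join ', '
            }
        }
    }
}

# System-level role definitions are assigned through the system policy instead.
$systemLevel = foreach ($policy in $rs.GetSystemPolicies()) {
    if ($policy.Roles.Name -contains $RoleName) {
        [pscustomobject]@{
            Scope     = 'System'
            Path      = '(report server)'
            Principal = $policy.GroupUserName
            Roles     = $policy.Roles.Name -join ', '
        }
    }
}

@($itemLevel) + @($systemLevel) | Sort-Object Scope, Path, Principal | Format-Table -AutoSize
```

An empty result means no explicit assignment uses the role at either level, which is also the condition to check before deleting it.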

You can delete a role definition if you are no longer using it. You cannot delete the role definition that is selected for the My Reports feature as long as that feature is enabled. Before you can delete the role definition used for My Reports, you must first disable the feature or select a different role definition to use with it. For more information, see Managing My Reports.