• Article

Role Definitions

In Reporting Services, a role* *definition is a named collection of tasks that define the operations available on a report server. Role definitions provide the rules used by the report server to enforce security. When a user attempts to perform a task, such as publishing a report, the report server checks the user's role assignment to determine whether the task is included in their role definition. If the task is included in the role definition, the request is submitted.

Types of Role Definitions

Role definitions are either item-level or system-level definitions. An item-level role definition describes tasks that relate to items that are stored and managed on a report server, such as reports, folder, and models. Manage reports, View folders, and Manage individual subscriptions are examples of tasks you can include in an item-level role definitions. A system role definition includes tasks that apply to the site as a whole. View report server properties is an example of a task you might include in a system role.

Predefined Roles

Reporting Services includes predefined roles that correspond to different levels of user interaction. The following list contains the predefined roles you can use:

  • Content Manager, Publisher, Browser, Report Builder, and My Reports are item-level role definitions that you can use when creating role assignments for accessing report server content.

  • System Administrator and System User are system-level role definitions that you can use to authorize access to site operations.

For more information, see Using Predefined Roles.

Customizing Roles

Predefined roles can be modified or replaced with custom roles. To modify a role, you add to or remove tasks from the role definition. To create a role, you use Management Studio to specify a name and tasks it contains. You must create separate role definition for item and system tasks. Roles can include item-level tasks or system-level tasks, but not both. For more information, see Customizing Role Definitions.

Using Roles to Authorize Access to a Report Server

A role becomes operative only when it is used in a role assignment. For more information about how roles provide security, see Role Assignments.