Reporting Services provides a fixed set of tasks that describe all possible operations that can be performed on a report server. A role definition is a named collection of tasks that define the operations a user can perform on a report server. It provides the rules used by the report server to enforce security. When a user attempts to perform an operation, such as publishing a report to a folder, the report server first evaluates the item's role assignment to determine the user's role and which tasks are allowed. If the task is included in the role definition, the request is submitted.
To create or modify a role, you add to or remove tasks from the role definition. Item-level tasks can be combined to create role definitions that are used for working with items, such as reports or folders. System-level tasks can be combined into role definitions that are used for management of the report server site. Roles can include item-level tasks or system-level tasks, but not both.
A role becomes operative only when it is used in a role assignment. For more information about how roles provide security, see Role Assignments.
Reporting Services includes predefined roles that are commonly found in organizations. These roles can be modified or renamed. There are several management-level roles. There is also a Browser role for users who only view reports. For more information, see Predefined Roles Overview and Creating, Modifying, and Deleting Role Definitions.
TasksHow to: Create, Delete, or Modify a Role (Management Studio)
How to: Create, Delete, or Modify a Role (Report Manager)
How to: Create, Delete, or Modify a Role Assignment (Management Studio)
How to: Create, Delete, or Modify a System Role Assignment (Report Manager)
ConceptsTasks and Permissions in Reporting Services
Managing Permissions and Security for Reporting Services