A user or group can have only one role assignment for any SSRS resource. Role
assignments can, however, be nested. For example, an administrator can create
a role assignment for a user who is a member of a group that has a role assignment
on the same SSRS resource. In that case, SSRS grants the user permissions for
all tasks in the role definitions of both the user and group role assignments.
SSRS role assignments can leverage permission inheritance. Permission inheritance
means that a child object automatically receives the permissions that are defined
on its parent object. In SSRS, all child folders and reports in the SSRS report
folder hierarchy automatically inherit the role assignments of their parent
folder, which greatly simplifies administration of role assignments. Instead
of having to assign roles for each report item and folder, an administrator
can assign roles just once, on the level of the parent report folder, and know
that those roles will automatically apply to all child folders and reports.
Configuring Role Assignments
In an item-level role assignment, an administrator associates an item-level
role with a Windows user or group and with an SSRS report folder or report.
An item-level role assignment defines what a user or group can do with the associated
report folder or report. Item-level role assignments are used to set SSRS user
and data administrator permissions and can be defined from both Report Manager
and SSMS.
To set an item-level role assignment in Report Manager, navigate to and open
the folder or report for which you want to configure role assignments, then
click the Properties tab. Click Security to view the resource's role assignments.
To change the role assignments that the resource inherited from its parent folder,
click Edit Security Settings. SSRS asks whether you really want to change the
security settings on the item. When you click OK, a Web page is displayed on
which you can configure item-level role assignments. To add a role assignment,
click the New Role Assignment link to display a Web page like the one in Figure
2. Select the check box for each role you want to assign and click OK.
To configure an item-level role assignment in SSMS, access the folder hierarchy
from the SSMS Home container and navigate to the folder or report for which
you want to configure role assignments. Open the properties of the folder or
report and click Permissions in the left pane. In the right pane, you can then
define the itemlevel role assignments, as Figure
3 shows.
To set a system-level role assignment in Report Manager, click Site Settings
in the top right corner of the SSRS Home page. (If Site Settings isn't available,
you don't have permission to access these settings.) In the Security section
at the bottom of the Site Settings page, click Configure site-wide security
to open the System Role Assignments Web page. On this page you can delete
and edit role assignments, or you can click New Role Assignment to configure
access for a new user or group.
To set a system-level role assignment in SSMS, open the reporting server's
properties. (The reporting server is represented as the SSMS root container.)
Then select the Security container to open the interface from which you can
edit system-level role assignments.
Indispensable Security Controls
With SSRS's easy-to-use role-based controls to secure the access to your organization's
report data and the ability to leverage your existing AD infrastructure, it's
simpler than you might realize to secure report data. These mechanisms can significantly
ease the burden for organizations that need to configure their SSRS-based reporting
system for compliance with government or industry regulations.
End of Article
Prev. page
1
[2]
next page -->
