How to create permission matrix for SSRS Report

How to create permission matrix for SSRS Report

Since all report in AX 2012 are migrated in SSRS so it is very important to understand its permission matrix.

There are three way to assign permission in SSRS

To create a system-level Permission

1. If necessary, log on as a local administrator.
2. Open a browser window and type the Report Manager URL to start the application. For example http://<server name>/reportserver
3. Click Site Settings at the top of the page.
4. Click the Security tab at the side of the page. This page shows all system-level role assignments that are currently defined. On a new report server installation, only the two predefined roles, System Administrator and System User, are visible. There is one built-in role assignment that is created automatically; it maps the built-in local administrators group to the System Administrator role
5. Click New Role Assignment.
6. In Group or user name, specify a domain group account that includes all of the users who require permissions to view report server content and subscribe to reports. Specify the account in this format: domain\group. The account should be in the same domain or in a trusted domain. If you do not have a domain group that fits this description, you can specify individual domain user accounts instead.
7. Select System User.
8. Click OK.
9. Click New Role Assignment again.
10. In Group or user name, type the name of a domain user account for a user who has administrative responsibilities for this report server. Specify the account in this format: domain\user. The account should be in the same domain as the report server or in a trusted domain.
11. Select System Administrator.
12. Click OK.

You have successfully created two system-level role assignments. One role assignment grants minimal system-level permissions to a domain group account. The second role assignment grants administrative permissions to a specific user account

To create an item-level Permission

·         Assign the Browser role to users who will view reports and create individual subscriptions. 

·         Assign the Report Builder role to users who will perform all of the tasks provided in the Browser role, plus create reports in Report Builder. 

·         Assign the Publisher role to users who will perform all of the tasks provided in the previous roles, with additional permissions for publishing reports and models from Business Intelligence Development Studio. 

·         Assign the Content Manager role to a small set of users who will manage content on a report server. 

1.       Click Home at the top of the page to open the Report Manager home page.

2.       Click the Folder Settings button.

3.       Click New Role Assignment.

4.       In Group or user name, specify the name of a domain group account that includes all of the users who require permissions to view reports. Specify the account in this format: domain\group. The account should be in the same domain or in a trusted domain. If you do not have a domain group that fits this description, you can specify individual domain user accounts instead.

5.       Select Browser.

6.       Click OK.

7.       Click New Role Assignment again.

8.       Type the name of a domain user account for a user who has administrative responsibilities for this report server. Specify the account in this format: domain\user. The account should be in the same domain or in a trusted domain.

9.       Select Content Manager.

10.    Click OK to save the role assignments.

You have successfully created two item-level role assignments. One role assignment grants minimal permissions to a domain group account. The second role assignment grants administrative permissions to a specific user account.

To create  Permission  on the report

1.       Search Report on which security needed.

2.        click the Properties tab.

3.       Click Security.

4.       Click New Role Assignment.

5.       In Group or user name, specify a domain user account that needs permission to view the report.

6.       Select Browser.

7.       Click OK.

You have successfully created an item-level role assignment on a specific report. The user has permission to open folders and view a single report. No other items are visible to the user. To check your work, ask the user to open Report Manager and access the report.