A common issue when working with reporting is that some users cannot see the report folders and files in the Reporting section of the Service Manager console. It is important to know that access to the reports is controlled by the permissions configured in SQL Server Reporting Services.
When you first install the Service Manager Data Warehouse Management Server, the setup will automatically add the Service Manager Service Account as well as the Management Group Administrators group or user as Content Managers to SQL Server Reporting Services. Any other users that work with Service Manager need to be granted access to the reports manually.
Before you can configure report permissions, it is important to have a concept of how you would like your reports to be organized and structured in folders, and whom you will need to grant the access to.
In this example, we will grant a user or group read access to all reports of Service Manager:
- Open your web browser and navigate to the following URL:
http://[SCSMDWSQL]/Reports. - Replace [SCSMDWSQL] with the fully qualified domain name of the SQL server, which is used for reporting. If SQL Server Reporting Service is running as a named instance, the syntax of the URL will be the following:
http://[SCSMDWSQL]/Reports_[InstanceName]. - Navigate to Folder Settings | Security | New Role Assignment.
- In the Group or user name box, type the domain and name of the group or the user you would like to grant access to in the format
[Domain][User/Group]. Check the Browser option and then click on OK.
- In the menu to the top-right, click on Home to get back to the root folder view. Click on the SystemCenter folder. Then click on the ServiceManager folder.
- Repeat the procedures described in steps 2 and 3 to grant the same permissions to the ServiceManager folder.
The user or the members of the group that you configured will now be able to access the Service Manager reports through both the Service Manager console as well as the web browser. Please note that the users will have to restart the Service Manager console to be able to see the folders and reports.
The way how permissions are configured in SQL Server Reporting Services is very similar to what you might know about configuring permissions in an NTFS filesystem. You can work with permissions on folders that are inherited to subfolder and files, and also, break inheritance where needed. This allows you to control which folders and reports are made available to your end users.
When working with permissions in SQL Server Reporting Services, you should know about the basic concepts of security roles and the inheritance of permissions. We will cover these two topics in this section.
Configuring permissions for reports requires deciding which actions the users are allowed to perform on the corresponding permission level. These actions can be configured by the use of security roles.
The following three security roles are important to know about when working with SQL Server Reporting Services security settings:
- The Browser security role allows the members to view folders, reports, and subscribe to reports.
- The Publisher security role allows the members to publish reports and linked reports.
- The Content Manager security role allows the members to manage content in the report server. This includes folder, reports, and other resources such as data sources, datasets, and so on.
If you thoroughly plan and configure report permissions for Service Manager, and provided that the instance of SQL Server Reporting Services is not used for other purposes than Service Manager, you can revert the security settings on the ServiceManager folder back to parent security. You will, then, only configure permissions on the root folder, and you will have the ability to apply less restrictive permissions on any subfolder you want by breaking inheritance from the parent.
To revert the security settings of a folder back to its parent, proceed as follows:
- On the SQL Server Reporting Services website, open the folder for which you would like to change the security settings.
- Click on Folder Settings | Security.
- Click on Revert to Parent Security.
- A warning message will appear. Confirm by clicking on OK.
To break inheritance of the security settings of a folder's parent folder, proceed as follows:
- On the SQL Server Reporting Services website, open the folder for which you would like to change the security settings.
- Click on Folder Settings | Security.
- Click on Edit Item Security.
- A warning message will appear. Confirm with OK.