Share via

SSRS: How to setup the folder security roles in SQL Server Reporting Services

  • Article

In SSRS, new roles and adjustments to existing roles must be performed in SQL Server Management studio, SSMS. After opening up SSMS, click on "Connect" and select "Reporting Services…"

Enter your Server Name and login information and then click Connect.

After connecting to the Report Server, open the Security Folder right click on "Roles" and click on "New Role…"

I created 2 new roles ("Browser Group", "Functional Owner") with the same permission as "Browser".

Then on the report manager click on the down arrow for a folder and select "Security"

Then click "New Role Assignment"

Then enter the Active Directory group or an email address and check the new role you created.

You can then query the server for the permissions and show these in a report.

WITH 
catalog_type_description
AS
(
 SELECT tbl.* FROM (VALUES
     ( 1, 'Folder')
   , ( 2, 'Report')
    , ( 3, 'Resource')
  , ( 4, 'Linked Report')
 , ( 5, 'Data Source')
   , ( 6, 'Report Model')
  , ( 8, 'Shared Dataset')
    , ( 9, 'Report Part')
   ) tbl ([TypeID], [TypeDescription]) 
   WHERE 
     [TypeID] = 1
)
, 
nonreport_folders
AS
(
  SELECT tbl.* FROM (VALUES
     ( 'Images')
  , ( 'SharedDataSets')
   , ( 'Data Sources')
 , ( '')
 ) tbl ([FolderName]) 
)
, 
reporting_role_names -- added roles to the report server
AS
(
 SELECT tbl.* FROM (VALUES
     ( 'Browser Group')
   , ( 'Functional Owner')
 ) tbl ([RoleName]) 
)
, 
user_list
AS
(
    SELECT 
       [usr].[UserID]
     , [usr].[UserName]
        , [UserNameFormat] = CASE
                     WHEN CHARINDEX('\', [usr].[UserName]) > 0 THEN UPPER(SUBSTRING([usr].[UserName], CHARINDEX('\', [usr].[UserName]) + 1, LEN([usr].[UserName])))
                       ELSE [usr].[UserName]
                       END
    FROM 
      [dbo].[Users] AS [usr]
)
, 
reporting_roles
AS
(
    SELECT 
      [cat].[Name]
       , [rol].[RoleName]
        , [usr].[UserNameFormat]
      , [ReportingRoleName] = [rpt].[RoleName]
    FROM
      [dbo].[Catalog] AS [cat]
      INNER JOIN [catalog_type_description] AS [tpd] ON [cat].[Type] = [tpd].[TypeID]
       LEFT JOIN [dbo].[PolicyUserRole] AS [urol] ON [urol].[PolicyID] = [cat].[PolicyID]
        LEFT JOIN [dbo].[Roles] AS [rol] ON [urol].[RoleID] = [rol].[RoleID]
      LEFT JOIN [reporting_role_names] AS [rpt] ON [rpt].[RoleName] = [rol].[RoleName]
      LEFT JOIN [dbo].[Policies] AS [pol] ON [urol].[PolicyID] = [pol].[PolicyID]
       LEFT JOIN [user_list] AS [usr] ON [urol].[UserID] = [usr].[UserID]
        LEFT JOIN [nonreport_folders] AS [nrf] ON [nrf].[FolderName] = [cat].[Name]
    WHERE
    1 = 1
      AND [nrf].[FolderName] IS NULL
)
SELECT DISTINCT 
   [FolderName] = [rpt].[Name]
  , [rpt].[RoleName]
  , [UserNameFormat] = STUFF(
    (
        SELECT 
             '; ' + [rol].[UserNameFormat]
       FROM [reporting_roles] AS [rol]
        WHERE
            [rol].[RoleName] = [rpt].[RoleName]
         AND [rol].[Name] = [rpt].[Name] FOR
       XML PATH('')
    ), 1, 1, '')
   , [ReportingRoleName]
FROM 
    [reporting_roles] AS [rpt];

References:
https://code.msdn.microsoft.com/SQL-Server-Reporting-SSRS-50c4d06b
http://bhushan.extreme-advice.com/user-roles-and-permissions-in-ssrs/
https://www.mssqltips.com/sqlservertip/2793/sql-server-reporting-services-2012-permissions/