Share via


Comparing Roles and Tasks in Reporting Services to SharePoint Groups and Permissions

If you are familiar with the Reporting Services role-based authorization model, this topic can help you relate the role-based authorization features in Reporting Services to the security features in SharePoint products. This topic compares terminology and characteristics of roles, tasks, SharePoint groups, permission levels, and permissions.

Comparing Roles and SharePoint Groups

The following table compares the predefined role definitions in Reporting Services in native mode to standard SharePoint groups. If the SharePoint groups do not match the specific role that you want, you can create a custom group and assign permission levels in SharePoint.

Reporting Services Role

SharePoint Groups

Content Manager

Full permissions to all items and item-level operations, including permissions to set security.

Use the Owners group to grant full control over managing report server items on a SharePoint site. The Owners group has Full Control permissions, which enable group members to make changes to the site content, pages, or functionality. Full Control access should be limited to site administrators only.

Publisher

Add, update, view, and delete reports, report models, shared data sources, and resources.

Use the Members group to grant permissions to add items, edit items, and update references to dependent items on a SharePoint site. The Members group has Contribute level permissions, which allow group members to view pages, add and update items, and submit changes for approval.

Report Builder

View reports, self-manage individual subscription, and open reports in Report Builder.

There is no predefined out of the box permission level or SharePoint group that is equivalent to the Report Builder report definition. By default, users who belong to the Members group or Owners group have permission to use Report Builder. If you want to make Report Builder available to more users, you should create custom security settings to provide a level of permission that is similar to what the Report Builder role provides. For more information, see How to: Set Permissions for Report Server Items on a SharePoint Site (Reporting Services in SharePoint Integrated Mode).

Browser

View reports and self-manage individual subscriptions.

Use the Visitors group to grant permissions to view reports and create subscriptions. The Visitors group has Read level permissions, which enables group members to view pages, list items, and documents.

-

Use the Viewers group to grant permissions to view rendered reports. The Viewers group cannot download or view the contents of report items.

System User and System Administrator

These roles are not necessary for a report server that runs in SharePoint integrated mode. System User and System Administrator correspond to SharePoint farm or Web application level permissions. The report server does not provide any functionality that requires authorization at that level.

My Reports

There is no equivalent group. My Reports is not supported for a report server that runs in SharePoint integrated mode. You can use the My Site features in Windows SharePoint Services if you want to use equivalent functionality.

Comparing Tasks and Permissions

The following table compares Reporting Services tasks to Windows SharePoint Services permissions.

Task

Type

Equivalent Permission

Execute report definitions

System

View items.

Generate events

System

Manage Web Site.

Manage jobs

System

None (not supported).

Manage report server properties

System

None (not applicable). The report server does not control whether a user has permission to view integration settings in Central Administration.

Manage roles

System

Manage Permissions.

Manage shared schedules

System

Manage Web Site, Open.

Manage report server security

System

None (not applicable). The report server does not use system-level role assignments on a server that runs in SharePoint integrated mode.

View report server properties

System

None (not applicable). The report server does not control whether a user has permission to view integration settings in Central Administration.

View shared schedules

System

Open.

Consume reports

Item

Edit Items, View Items.

Create linked reports

Item

Not supported.

Manage all subscriptions

Item

Manage Alerts.

Manage data sources

Item

Add items, Edit Items, Delete Items, View Items.

Manage folders

Item

Add items, Edit Items, Delete Items, View Items.

Manage individual subscriptions

Item

Create alerts.

Manage models

Item

Add items, Edit Items, Delete Items, View Items.

Manage report history

Item

Edit Items, View Versions, Delete Versions.

Manage reports

Item

Add items, Edit Items, Delete Items, View Items.

Manage resources

Item

Add items, Edit Items, Delete Items, View Items.

View data sources

Item

View Items.

View folders

Item

View Items.

View models

Item

View Items.

View reports

Item

View Items.

View resources

Item

View Items.