Creating Custom RBAC Enabled Reports in ConfigMgr 2012 R2

This post will step you through the process of creating custom reports in ConfigMgr 2012 R2 that will enforce your Role Based Access Control (RBAC) policies. Configuration Manager reports are now fully enabled for role-based administration. The data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles. TechNet reference

Step 1: Determine the data you wish to report on

Using SQL Management Studio, confirm your SQL query against the new fn_rbac table views passing through the ('disabled') parameter to bypass the requirement of passing through a user SID

NOTE: all fn_rbac_<table> views can be found under "Tabled-valued Functions".

If you query v_<tables> than RBAC is ignored.

Step 2: Create a new custom report in ConfigMgr Management Console UI

Step 3: Editing your custom report will launch SQL Report Builder

Step 4: Design Your Report

Confirm you can see Dataset values and select the type of Report you want to create

Step 5: Design and format your report as required

Step 7: Configure the Dependencies for RBAC

Create a New Dataset

NOTE: If you do not see the REFERENCES option, try and run your report, it will fail however will present the References parameters

ALL DONE..

Step 8: Test your custom report

To test I have granted an admin account "sccm2012r2\Ian" that is limited only to the collection called "Ian's Collection"

Launch the ConfigMgr console using SCCM2012R2\Ian