If you are familiar with setting security for SMS 2003/SCCM 2007 ASP web reporting, you may not be aware that security in SQL Server Reporting Services is different.
Role Based Access Security sometimes referred to as RBAC, uses the concept of adding users/groups to pre-created security groups with particular pre-defined permissions for a given role.
In essence, by adding a user to a particular role, this allows the user the proper and appropriate permissions to accomplish a particular task.
Lets start by listing the pre-defined available roles for SQL Server 2008 (there were a couple of minor revisions from SQL Server 2005).
| Predefined Roles | Description |
| Browser Role | Run reports, subscribe reports and navigate through the folder structure. |
| Publisher Role | Users who are assigned to this role can add items to a report server, including the ability to create and manage folders that contain those items. |
| Content Manager Role | Includes all item-level tasks. Users who are assigned to this role have full permission to manage report server content, including the ability to grant permissions to other users, and to define the folder structure for storing reports and other items. |
| Report Builder Role | Build and edit reports in Report Builder. |
| My Reports Role | Build reports for personal use or store reports in a user-owned folder. |
| System Administrator Role | Enable features and set defaults, set site-wide security, create role definitions, and manage jobs. |
| System User Role | View basic information about the report server such as the schedule information in a shared schedule. |
The first five roles in the list are considered 'item level' scope, in that they apply to items in the SSRS server. The last two; System Administrator Role and System User Role are scoped as 'system wide'. The Content Manager Role listed above is the default role, similar in nature to the default Administrator group in Windows.
If you wanted to allow a user/group the ability to browse, run reports, create subscriptions, you'd add them to the Browser role.
Additionally, you have the ability to create custom roles within SSRS.
This is one area that is not well integrated with the SCCM 2007 R2 MMC. To create, define and modify your SSRS security use the following as a reference:
Administration of the roles
1) SQL Server 2005 - use the default SSRS administration web page
2) SQL Server 2008 - use the SQL Server Management Studio