SSRS Security Configuration

Report Manager General Overview

Report Manager can be used to perform the following tasks

You can access items that are stored in a report server by navigating the folder hierarchy and clicking on items that you want to view or update, provided that you have permissions to do that. The ability to perform a task in Report Manager depends on the user role assignment. A user who is assigned to a role that has full permissions, such as a report server administrator, has access to the complete set of application menus and pages. A user assigned to a role that has permissions to view and run reports, on the other hand, sees only the menus and pages that support those activities.

Users can be assigned to multiple roles. Each user can have different role assignments for different report servers, or even for the various reports and folders that are stored on a single server. For more information, refer to the Microsoft Report Manager help.

Provided that the suggested security settings are applied and the recommended path to access reports is used, an end user, i.e., a report viewer, will access Published Reports and Dashboards from IFS EE and not from Report Manager. A report viewer will therefore not have access to these folders in Report Manager, so any change in these folders will only affect the Report Publisher user group.

Create User Groups

Typically there are three user groups that use the External Report Integration within IFS Business Reporting & Analysis. These are Report Administrators, Report Publishers and Report Viewers. A Report Administrator has the overall permission and can administrate and manage everything related to Reporting Services. Report Publishers are power users that create reports that are viewed by other users. This user group stores reports in the Report Manager Published Reports and Dashboards folders. Report Publishers also have permissions to configure and manage these folders. Report Viewers are end users that have access to view published reports and dashboards. This user category can also work with ad hoc reporting in Report Builder, create their own reports and save them in their My Report personal folders to which only they have access. A Report Viewer can manage his own My Report folder but has no permission to administrate any of the other report folders in Report Manager.

In Report Manager you define which user group should have access to each folder. Access can be given to a single user or to a user group with multiple users.

It is advisable to give access to Report Manager folders to user groups instead of single users, since that simplifies Report Manager folder administration. The user group must be a valid domain account on the network, and it is recommended to create user groups for Report Administrators, Report Publishers and Report Viewers. For information on how to create user groups, check your Windows security documentation. The user groups will then be connected to the Report Manager folders; this is further described in Configuration of Report Services.

Add domain users to the user groups according to the functionality that they need to access.

Reporting Server Predefined Roles

Reporting Services installs with predefined roles that you can use to grant access to report server operations. Each predefined role describes a collection of related tasks. Use SQL Server Management Studio to view the set of tasks that each role supports. We recommend that the predefined roles and their related tasks are kept unchanged. Refer to the Microsoft documentation for more information on the predefined roles in Reporting Services.

The predefined roles that will be used in IFS Reporting are: Content Manager, Publisher, Browser and Report Builder. In addition to these, we need a new role with permissions only to view reports. This is described in the next section.

Create New Role

For IFS Reporting we need one additional role in the Reporting Server. This new role should only have access to view reports and should be attached to the Report Viewer user group for the Dashboards and Published Reports folders. This is further described in the Configuration Report Manager page.

To create a new role:

  1. Open SQL Server Management Studio and connect to your server.
  2. Expand the Report Server node.
  3. Expand the Security folder.
  4. Right-click on Roles and then click New Role
  5. Type the name Viewer for the role.
  6. Type a description, e.g., May view reports
  7. Select only the task View Reports
  8. Click OK

Update Site Settings

The site setting security page controls access to the report server site. System role assignments exist outside of the scope of the report server namespace or folder hierarchy. Operations that are supported through system role assignments include creating and using shared schedules, using Report Builder, and setting default values for some server features.

A default system role assignment is created when the report server is installed. This system role assignment grants local system administrators permission to manage the report server environment. All other users who require access to Report Builder must also be given a system role assignment. This implies that all user groups (Report Administrators, Report Publishers and Report Viewers) must be assigned to a system role to be able to use Report Builder. A system administrator must execute the steps below.

Edit site security settings for user groups

  1. Click the Site Settings link and select Security
  2. Click New Role Assignment
  3. Enter group ReportAdministrator and select the System Administrator role.
  4. Click OK.
  5. Repeat steps 2-4 for ReportPublisher and ReportViewer but select the System User role for these user groups.

Change Security for Preinstalled Folders in Report Manager

The contents page in Report Manager shows the items that you have permission to view. Depending on the permissions you have, you may also be able to move, delete, and add items.

The security settings that are set on the root folder, Home, are inherited by subfolders. During Reporting Services installation the Administrator will be given the Content Manager role.

If you have created the user group according to the security description, you should update the security settings on the Home folder according to the following description:

User Group            Role(s)
Report Administrator  Content Manager
Report Publisher      Publisher, Browser, Report Builder
Report Viewer         Browser

To add a New Role Assignment

  1. In the root folder, click Folder Settings
  2. Click New Role Assignment to open the New Role Assignment page, which is used to create additional role assignments for the current folder.
  3. Type the name of a group account for which the role assignment is being created, e.g., Report Viewer. The group must be a valid Windows domain account. Enter the account in this format: <domain>\<account>
  4. Select the role(s) that the user group should have, e.g., for Report Publisher select Publisher, Browser and Report Builder.
  5. Repeat steps 2-5 for each user group.

Edit Folders in Report Manager

The role assignments for the newly created folders will be inherited from the parent level, which implies that Report Publishers will be connected to the Publisher, Browser and Report Builder roles and Report Viewers will be connected to the Browser role. However, the role assignment for Report Viewers should be changed from Browser to Viewer. The reason for this is that Report Viewers should access Published Reports and Dashboards from IFS Applications and not from Report Manager.

Edit Role Assignment for the New Folders

  1. In the Dashboard folder, click Folder Settings and then open the Security page.
  2. Click Edit Item Security. You will get a message saying that the item security is inherited from a parent item, and a confirmation message asking whether you want to apply other security settings. Click OK.
  3. Click on the Edit link for Report Viewer user group.
  4. Deselect the Browser role and select the Viewer role instead.
  5. Click Apply
  6. Repeat steps 1-4 for the Published Reports folder.
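
A read-only check of the configuration described on this page, added here as an example (it is not IFS or Microsoft code): it reads the site and folder role assignments through the report server's ReportService2010 SOAP endpoint and lists every deviation from the assignments given above. The server URL, domain name, group account names and folder paths are assumptions to replace with your own.

```powershell
# Added example. Run in Windows PowerShell 5.1 (New-WebServiceProxy is not available in PowerShell 7).
# Assumed placeholders: server URL, domain, group account names and folder paths.
$Uri    = 'http://REPORTSERVER/ReportServer/ReportService2010.asmx'
$Domain = 'EXAMPLE'
$Admin, $Pub, $View = 'ReportAdministrator', 'ReportPublisher', 'ReportViewer' |
    ForEach-Object { "$Domain\$_" }

# Expected assignments, taken from the steps and the Home folder table on this page.
$Expected = [ordered]@{
    '(site)'             = @{ $Admin = 'System Administrator'; $Pub = 'System User'; $View = 'System User' }
    '/'                  = @{ $Admin = 'Content Manager'; $Pub = 'Browser', 'Publisher', 'Report Builder'; $View = 'Browser' }
    '/Dashboards'        = @{ $View = 'Viewer' }
    '/Published Reports' = @{ $View = 'Viewer' }
}

function Compare-RoleAssignment {
    param($Policies, [bool]$Inherited, [string]$Path, [hashtable]$Want)
    $findings = @()
    # The two report folders must have their own security, otherwise Browser is still in effect.
    if ($Inherited) { $findings += "$Path still inherits security from its parent" }
    foreach ($group in $Want.Keys) {
        $policy = $Policies | Where-Object { $_.GroupUserName -eq $group }
        $actual = @($policy.Roles | Where-Object { $_ } | ForEach-Object { $_.Name } | Sort-Object)
        $wanted = @($Want[$group] | Sort-Object)
        if (($actual -join ',') -ne ($wanted -join ',')) {
            $findings += "$Path : $group has [$($actual -join ', ')], expected [$($wanted -join ', ')]"
        }
    }
    $findings
}

$rs = New-WebServiceProxy -Uri $Uri -UseDefaultCredential
$report = foreach ($path in $Expected.Keys) {
    $inherit  = $false   # set by GetPolicies through [ref]; the site level has no parent
    $policies = if ($path -eq '(site)') { $rs.GetSystemPolicies() } else { $rs.GetPolicies($path, [ref]$inherit) }
    Compare-RoleAssignment -Policies $policies -Inherited $inherit -Path $path -Want $Expected[$path]
}
if ($report) { $report } else { 'Role assignments match the documented configuration.' }
```

Run it as an account that is allowed to read the security settings, such as a member of the Report Administrator group.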