grant-user-access-to-a-report-server.md

title	Grant users access to a report server
description	See how to grant members of your organization access to your report server. Find out how to assign item-level and system-level roles to users and groups.
ms.date	09/25/2024
ms.service	reporting-services
ms.subservice	security
ms.topic	how-to
ms.custom	updatefrequency5
helpviewer_keywords	removing role assignments permissions [Reporting Services], granting report server access roles [Reporting Services], assignments modifying role assignments deleting role assignments

Grant users access to a report server

[!INCLUDESSRS applies to 2016 and later]

SQL Server Reporting Services (SSRS) uses role-based security to grant users access to a report server. On a new report server installation, only users who are members of the local Administrators group can access report server content and operations. To make the report server available to other users, you must create role assignments that map user or group accounts to a predefined role that specifies a collection of tasks.

This article focuses on using the web portal to assign users to a role. This information applies to a native mode report server.

If your report server is configured for SharePoint integrated mode, you configure access from a SharePoint site by using SharePoint permissions. Permission levels on the SharePoint site determine access to report server content and operations. You must be a site administrator to grant permissions on a SharePoint site. For more information, see Grant permissions on report server items on a SharePoint site.

Prerequisites

• A configured native mode report server. For more information, see Configure a native mode report server for local administration.
• Membership in the local Administrators group on the report server.
• Optionally, roles that are customized or defined for tasks. For example, if you want to use custom security settings for individual items, you can create a new role definition that grants view-access to folders. For more information, see Predefined roles in Reporting Services and Create, delete, or modify a role (Management Studio).

Role types

There are two general types of roles that you can assign to users and groups:

• Item-level roles are used to view, add, and manage report server content, subscriptions, report processing, and report history. You define item-level role assignments on the root node (the Home folder) or on specific folders or items farther down the hierarchy.

• System-level roles grant access to site-wide operations that aren't bound to any specific item. Examples include using Report Builder and shared schedules.

The two types of roles complement each other and should be used together. For this reason, adding a user to a report server is a two-part operation. If you assign a user to an item-level role, you should also assign them to a system-level role.

When you assign a user to a role, you must select a role that's already defined. To create, modify, or delete roles, use [!INCLUDESQL Server no version] [!INCLUDEManagement Studio]. For more information, see Create, delete, or modify a role (Management Studio).

Delegate the assignment task

To delegate the task of assigning roles to other users, create role assignments that map user accounts to Content Manager and System Administrator roles. Users who have Content Manager and System Administrator permissions can add users to a report server. For more information, see Predefined roles in Reporting Services.

Add a user or group to a system role

1. Go to the report server web portal.

2. In the upper-right corner, select the gear icon, and then select Site settings.

   :::image type="content" source="media/grant-user-access-to-a-report-server/settings-icon-menu.png" alt-text="Screenshot that shows the report server web portal gear icon with its menu open. In its menu, Site settings is highlighted.":::

3. Under Site settings, select Security.

4. Select Add group or user.

   :::image type="content" source="media/grant-user-access-to-a-report-server/site-add-group-user.png" alt-text="Screenshot that shows the report server web portal Security page. Add group or user is highlighted.":::

5. For Group or user, enter a Windows domain user or group account in the following format: <domain>\<account>.

   :::image type="content" source="../../reporting-services/security/media/grant-user-access-to-a-report-server/site-name-group-user.png" alt-text="Screenshot that shows the Add group or user section of the report server web portal Security page. The Add group or user field is highlighted.":::

   [!NOTE] If you're using forms authentication or custom security, specify the user or group account in the format that's correct for your deployment.

6. Select a system role, and then select OK.

   Roles are cumulative, so if you select System Administrator and System User, the user or group can perform the tasks in both roles.

7. Repeat these steps to create assignments for more users or groups.

Add a user or group to an item role

1. Go to the report server web portal and locate the report item for which you want to add a user or group.

2. On the report item, select the ellipsis to open the More info menu, and then select Manage.

   :::image type="content" source="../../reporting-services/security/media/grant-user-access-to-a-report-server/report-more-info.png" alt-text="Screenshot of the web portal that shows a report item with its ellipsis highlighted and the More info menu open, with Manage highlighted.":::

3. Under Manage, select Security.

4. If the report item currently inherits security settings from a parent item, take the following actions. Otherwise, go to the next step.

   1. On the toolbar, select Customize security.
   2. Confirm that you want to change the security settings.

5. Select Add group or user.

   :::image type="content" source="../../reporting-services/security/media/grant-user-access-to-a-report-server/report-add-group-user.png" alt-text="Screenshot of the report server web portal that shows the Security page of a report item. Add group or user is highlighted.":::

6. For Group or user, enter a Windows domain user or group account in the following format: <domain>\<account>. If you're using forms authentication or custom security, specify the user or group account in the format that's correct for your deployment.

   :::image type="content" source="../../reporting-services/security/media/grant-user-access-to-a-report-server/report-name-group-user.png" alt-text="Screenshot of the report server web portal that shows the New role page of a report item. The Group or user field is highlighted.":::

7. Select one or more role definitions that describe how the user or group should access the item, and then select OK.

8. Repeat these steps to create assignments for more users or groups.

Related content

• Create and manage role assignments
• Role assignments
• SSRS forum