For most organizations, the built-in roles should suffice. If they do not, keep in mind that the Report Server administrators can create custom role definitions. If you need to create a custom role definition, it might be helpful to stage that role definition in a development environment. Tables 18.2 and 18.3 describe the predefined roles and their corresponding tasks . Keep in mind that when a task is called "Manage..." that it implies the ability to create, modify, and delete. Table 18.2. Item-Level Roles Role Name | Description | Browser | Allows users to browse through the folder hierarchy, view report properties, view resources and their properties, view models and use them as a data source, and, finally, execute reports, but not manage reports. It is important to note that this role gives Report Viewer the ability to subscribe to reports using their own subscriptions. | Content Manager | Allows users to manage folders, models, data sources, report history, and resources regardless of who owns them. This role also allows users to execute reports, create folder items, view and set properties of items, and set security for report items. | Report Builder | Allows users to build and edit reports using Report Builder and manage individual subscriptions. | My Reports | Allows users to build reports and store the reports in their own personal folder. They can also change the permissions of their own My Reports folder. | Publisher | Allows users to publish content to the Report Server, but not to view it. This role is helpful for people who are allowed to develop reports against a development or test data source, but are not allowed to view reports against the production data source. | Table 18.3. Tasks Assigned to Item-Level Roles | Browser | Content Manager | My Reports | Publisher | Report Builder | Consume reports | | X | | | X | Created linked reports | | X | X | X | | Manage all subscriptions | | X | | | | Manage data sources | | X | X | X | | Manage folders | | X | X | X | | Manage individual subscriptions | X | X | X | | | Manage models | | X | | X | | Manage report history | | X | X | | | Manage reports | | X | X | X | | Manage resources | | X | X | X | | Set security for individual items | | X | | | | View data sources | | X | X | | | View folder | X | X | X | | X | View models | X | X | | | X | View reports | X | X | X | | X | View recources | X | X | X | | X | There are two built-in, system-level roles. These roles follow the same pattern as the item-level roles in that one role allows view access to systems settings, and the other allows them to be modified. Keep in mind that you can also create new system-level roles. Tables 18.4 and 18.5 break down the system-level roles and tasks. Table 18.4. System-Level Roles Role Name | Role Description | System Administrator | Allows members to create and assign roles, set systemwide settings (Report Server properties and Report Server security), share schedules, and manage jobs | System User | Allows members to view system properties and shared schedules | Table 18.5. Tasks Assigned to System-Level Roles | System Administrator | System User | Execute report definitions | X | X | Generate events | | | Manage jobs | X | | Manage Report Server properties | X | | Manage Report Server security | X | | Manage roles | X | | Manage shared schedules | X | | View Report Server properties | X | X | View shared schedules | X | X | After the Report Server is installed, the local Administrators group is assigned two roles. The first role is the Content Manager, and the second is the System Administrator role. Individually, the roles limit access to certain areas. The Content Manager role can manage everything within the Report Server catalog. System Administrators can manage the Report Server. With the combination of these two roles, local administrators are able to do anything to the Report Server. |