Friday, September 14, 2018

SSRS Security Model – Role Permission Matrix



Role/Permission Matrix
Following is the Role/Permission matrix for an application that uses SSRS reports for their portal. This matrix consists of 4 roles e.g. Report Admin, Schedule Admin, Report Writer & Report Reader and their associated permission(s).It can be more role(s) based on business requirement.  As SSRS works on Windows Authentication, we can create security group in active directory and assign the role(s) to these security group(s) in this way, we can manage larger of user(s) for Report easily.

Below matrix shows 4 roles e.g. Reader for only viewing the reports, Writer for read/writing/deploying the reports, Schedule Admin for Report Subscription/snapshot/history & Report Admin for system administrative work:
                                                                        
Task
Permissions
Report-Admin
Schedule Admin
Writer
Reader
Consume report
Read Content ,Read Report Definitions & Dataset
Create linked reports
Create Link Reports
Manage all subscriptions
Read, Create Delete & Update Any Subscription
Manage data sources
Create, Delete & Update Content
Manage folders
Create, Delete & Read Folder
Manage individual subscriptions
Read Properties
Create Subscription
Delete Subscription
Read Subscription
Update Subscription
Manage models
Create Model
Manage models

Read, Delete & Update Content
Read, Update Data Sources
Read & Update Model Item Policies
Manage report history
Read Properties
Create, Delete and Execute  Report History
Manage reports
Create Report
Update Parameters
Read & Update  Data Sources
Read & Update Report Definition
Execute Read Policy & Update Policy

Manage resources
Create Delete & Update Content
Set security for individual items
Read & Update Security Policies
View data sources
Read Content & Properties
View folders
Read Execute And View contents

View models
Read Data Sources , Content &Properties
View reports
Read Content/Datasets &Properties
View resources
Read Content/Report Parts/Properties


No comments:

Post a Comment