Organizing Reports in SSRS folder tree RRS feed

  • Question

  • Hi,

    I’d like to know how to best organize our company’s SSRS site.

    Should the permissions for the HOME folder be to all users and then sub folders should have a less permitted number of users?

    Or should only management have permissions to HOME and then sub folders might have more permissions. (This is how we have it set up today but then the link for certain user who does not have permissions to home needs to be a specific link to the folder and not simply the report site link which doesn’t look so good).

    I know both ways work but what’s suggested?


    Wednesday, October 17, 2012 11:57 AM

All replies

  • Looks to me like you answered your own question. Making the HOME folder unrestricted and the subfolders increasingly restricted is much better structure, as I see it. It's easier for everyone to get an overview of what they have access to and not, the accessible areas are connected in a logical and user-friendly way as opposed to scattered about haphazardly throughout the folder tree, and like you said, it looks much neater.
    Wednesday, October 17, 2012 1:48 PM
  • I favor the other approach if you are inheriting permissions from parent folder. With inheritance, the only way to become more restrictive in child folders is to set Deny on a permission that a parent allows. That can have some unintended results since deny always takes precedence over allow. So if I am in two different ad groups, admins and readers, and I want to deny a permission to readers that was allowed in the parent but continue to allow that permission for admins, I still loose that permission since the deny on the reader group will take precedence over the allow on the admin group. The most restrictive you get on the home is read access only. Then your users can still access the home level but can't change anything.
    • Proposed as answer by Syed Qazafi Anjum Wednesday, October 17, 2012 7:32 PM
    • Unproposed as answer by namnami Thursday, October 18, 2012 7:17 AM
    Wednesday, October 17, 2012 7:22 PM
  • Hi There

    Thanks for your posting. Reporting Services uses role-based security to grant user access to a report server. Report server which runs in native mode, there are two types of roles: Item-level roles and System-level roles.

    The Item-level roles are used to view, add, and manage report server content, subscriptions, report processing, and report history. We can assign Item-level roles on the root node (the Home folder) or on specific folders or items. In this issue, you can try to assign Item-level role to specific user on specific items. Please have a look on these link that might be helpful

    If you have any questions, please feel free to let me know.

    Many thanks

    Syed Qazafi Anjum

    Wednesday, October 17, 2012 7:38 PM
  • Hi Tim Pacl,

    I don't quite understand which approach you say is better and how to implement it. Pls clarify.



    Thursday, October 18, 2012 7:18 AM
  • Least permissions needed to do the job is a widely accepted industry standard. That is what I favor. I think that most users will need fewer permissions on the root node (home folder) than they will need in the lower folders.

    Thursday, October 18, 2012 12:28 PM