Several built-in security roles are available to assign to users or groups of users. This security assignment can be scoped at the folder level and is by default inherited by all reports within that folder or assigned to a specific report.
In the following screenshot, a security group (AdWorksSales) is assigned to the Browser role for the Product Sales Report:
The security configuration page for both reports and folders can be accessed via the Manage page, as described in the Scheduled data refresh section earlier in this chapter. By default, the BUILTINAdministrators group is assigned to a System Administrator system-level role and the Content Manager item-level role of the Home folder.
Security roles can also be created and customized in SQL Server Management Studio (SSMS). In the following example, a new user role is created that provides the same permissions as the default Browser role (such as View Reports), but also enables users to manage the comments posted to reports:
As shown in the preceding screenshot, the new role (Browser with Comment Management), is allowed to perform seven tasks including managing comments. There are 18 tasks, available to define a user role, which allow users to create, view, and manage report server content. This customization, along with default item level inheritance of a parent item's security, provides report server administrators with robust controls to implement role-based security.