Here are the SQL server permissions that report services grants to each user type, for your information. The Report Services Configuration wizard sets these permissions automatically.
|
User type |
Required SQL Server permissions |
|
report services account to run the SQL Server Reporting Service |
Snapshot Service (predefined role) |
|
SQL Server service account to run SQL Server |
If you deploy to an existing SQL Server instance, the configuration wizard makes no changes to the SQL Server service account. If you deploy to a new SQL Server instance: --If the operating system is Windows 2008 and you’re using a SQL Server version later than 2012, virtual accounts are used for various SQL Server components, as follows: SQL Server engine: NT SERVICE\MSSQL$<InstanceName> SQL Server Agent: NT SERVICE\SQLAgent$<InstanceName> Full text search: NT SERVICE\MSSQLFDLauncher$<InstanceName> SSRS: NT SERVICE\ReportServer$<InstanceName> --Otherwise, the SQL Server service accounts are configured as follows: SQL Server engine: NT Authority\Network Service SQL Server Agent: NT Authority\Network Service Full text search: NT Authority\Local Service SSRS: NT Authority\Local Service |
|
report admin to run the Report Configuration Wizard and deploy reports to an existing SQL Server instance |
Connect SQL (cannot be revoked after setup) Create Database, Create any database, or Alter any database member of securityadmin role, or Alter any login permission |
|
report admin to modify the Reports Control Panel |
SnapshotAdmin (predefined role) |
|
Report viewer to view reports from SSRS/Internet Explorer |
Login permission SnapshotViewer (predefined role) |
|
Report writer read, write, edit access for reports, in addition to the permissions needed to view reports |
Login permission SnapshotViewer (predefined role) |
Note: Microsoft SQL Server Reporting System (SSRS) affords only role-based security in their reports. Be sure to grant appropriate access to reports. For example, if a user has access to only some data in the specified domain but all reports, they will be able to view all reports on all data from Active Directory.
Doc Feedback