Required user permissions for report services

Before you install Centrify report services, be sure you have the appropriate software and user accounts, which includes the following:

  • Users with required permissions. Before installation, you must have users to run the Centrify installer.
  • Report service account
  • SQL Server service account (this is needed if you’re installing using an existing instance)
  • User accounts that can run the Report Configuration Wizard and the Reporting Control Panel.

There are a few user accounts that you need to set up for use with Centrify report services. Here is a summary of the user accounts that you need to create and the permissions you need to explicitly grant.

Report services account permissions
User type Required Active Directory permissions Required security policy permissions(group policy, or local policy) Required SSRS permissions Required SQL Server or PostgreSQL permissions

report service account

to run the Reporting Service

For domain-based reporting: Replicating directory changes at the domain level (ADUC)

and replicate directory changes in ADSI

 

For zone-based reporting: Read permission

Log on as a service

 

 

SQL Server service account

to run SQL Server

n/a

Log on as a service

 

member of the securityadmin role

PostgreSQL service account

 

 

 

the account must have permission to connect to PostgreSQL and create a database

report admin

to run the Report Configuration wizard or the Upgrade & Deployment wizard and deploy reports to an existing SQL Server instance

needs to be a member of the domain

n/a

Folder Settings > Content Manager role

member of the securityadmin role

(At the very least, the user needs permission to connect to SQL Server and create a database.)

report admin

to modify the Reports Control Panel

Read permission to the domain root object of the selected domain.

Read permission to all computer objects in the selected domain.

n/a

 

  

Report viewer

to view reports from SSRS/Internet Explorer

 

 

Site settings > System user role

Folder settings > browser

(assign SSRS roles to Active Directory group or users)

 

Report writer

read, write, edit access for reports, in addition to the permissions needed to view reports

 

 

Site settings > System user role

Folder settings > Content Manager role

(assign SSRS roles to Active Directory group or users)

 

Note:   Centrify Report Services requires administrator permission to install and upgrade. That also means that only an administrator can uninstall and repair Centrify Report Services. (Ref: CS-40808a)