Hi experts,
To allow a new user to run an RS report, I granted the RsExec role in the ReportDB database. And granted db_datareader in the user database.
Finally, within ReportManager, I added the account in the Security Tab with the System User role.
She IS able to view the report now. Did I use the correct steps?
Thanks.
what do you mean allow user to run RS Reports? When you say RS reports are you talking about SQL Server Reporting Services? if so I would not use your approach. Always grant permissions on the folder and give permission to AD groups if at all possible. If tomorrow Bridget moves from finance to office you do not want her to still have permission to confidential material and you lose your job.
It all depends on how the connection to the source data is defined. For a user to be able to run the report - they just need access in report manager to the folder/report. They do not need SQL Server access or added to any SQL Server roles.
For example, if the report data source is defined to use the users windows credentials - then that user needs access to the source database system and database(s). If the report datasource is defined to a specific SQL account an password, the user does not need any access to the source data for the report.
Report Manager is configured to use a service account to access the reporting services databases - and security for the site is managed within report manager only. Again - users do not need access to SQL Server to be able to access reports.