Managing report access with role-based administration

Users who need to use Management Suite reports must have one of these roles assigned to them in the Users tool:

These roles are defaults and aren't editable. Users without one of these roles won't see the console's Reports tool.

In the Reporting console (Tools > Reporting/Monitoring > Reports), reports and the folders that contain them are associated with role-based administration roles. By default, reports and folders have these roles and associated rights:

Reporting rights do the following:

Reporting rights only apply to the selected object and they aren't recursive. For example, applying read rights to a folder doesn't automatically give read rights to all reports in that folder.

Limiting access to specific reports or folders

By default, anyone with the ReportingViewer role can see all reports and folders. If necessary, you can restrict access to specific reports and folders.

To restrict access to specific reports and folders
  1. In the Users tool under Roles, right-click the ReportingViewer role and click Clone.
  2. Rename the cloned ReportingViewer role to something more specific, like "Inventory report viewer"
  3. Create a new group permission for the users you want to limit, and in the Group permissions dialog, target the Active Directory groups you want. In the roles box, clear the ReportingViewer right and select your new cloned role (Inventory report viewer, for example).
  4. Click Tools > Reporting/Monitoring > Reports.
  5. In the Reports viewer, open the properties for the report or folder you want to limit by right-clicking it and clicking Edit. Go to the Security page and Add the cloned reporting role you made. You'll need to do this on the parent folder level too, otherwise users with the cloned right won't be able to open the folder to see the report they need access to.