Wednesday, August 18, 2010

SCCM SRS Reports configuration

If you want to allow to certain users or groups to access on specific reports in SCCM 2007 with SQL Server Reporting services installed, follow these steps:

First create a AD Security group which will have permissions to browse SCCM SRS Reports. ex: SCCM_Report_access

Open SQL Server Management Studio and add this group in Security -> Logins.
In User Maping choose your SMS database on right side and click on public and db_datareader.

Next step is to allow SCCM_Report_access group to access on SCCM reports.
Open Web SCCM Reports : http://sccm/Reports/
Choose some link and click on Properties:

Click on Security:

Click on New Role Assigment:

Paste MYDOMAIN\SCCM_Report_access Group or user name field and choose Browser.

After that users members of SCCM_Report_access Group will have access to Hardware - General Reports.

If you want to deny access to specific report then you have modify permissions on that report explicitly.

To allow users to see reports you must assign Browser privileges to Security group or users starting from root (http://sccm/Reports/). With this action, because this permissions are inheritable all sub-links will have same permissions. If you don't want all reports to be seen by the users then you must modify permissions on each sub-link.


  1. Thank the lord! Do you realize you are the ONLY person to document this accurately and completely. If you are ever in Toronto, drop me a line, I'll buy you a drink.


  2. I will also add...

    On an R3 installation, my users required BROSWER and REPORT BUILDER to be able to successfully run reports. If only the BROSWER permission was granted, the MMC crashed when attempting to run any report. The KB2449910 did not fix this issue, however it did correct the issue with creating reports.

  3. hi there, does one have to browse to each and every category to apply permissions, by default each Folder/Category is set to 'do not inherit from parent', is there a way to select multiple categories and apply the necessary permissions