Appreciate the feedback. I don't think the granularity we're looking for is achievable at this time. Or with R2.
Thanks! Megan [email protected]<mailto:[email protected]> From: [email protected] [mailto:[email protected]] On Behalf Of Mohamed, Hatem (ext) Sent: Friday, August 23, 2013 4:22 PM To: [email protected] Subject: [mssms] RE: SCCM 2012 Reports and Security Options I should clarify that second line. It isn't that reporting has no checking for RBAC, it is just not fully enabled for RBAC so it wouldn't filter down to the objects you are allowed to manage. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Mohamed, Hatem (ext) Sent: Friday, August 23, 2013 4:18 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: SCCM 2012 Reports and Security Options In 2012 R2 they are adding granular security so that reports respect the RBAC roles and scopes the administrative user has applied to them. http://technet.microsoft.com/en-us/library/dn236351.aspx Right now the reporting has no checking for RBAC when the user runs a report. Also, changing the security on a folder in SSRS will just result in the security being reset on that folder at periodic intervals. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Wills, Megan J. Sent: Friday, August 23, 2013 3:58 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] SCCM 2012 Reports and Security Options Good afternoon, I have a question for anyone that may know/offer an opinion/solution for our reporting requirements within our environment: Is it possible between SSRS and ConfigMgr 2012 to achieve granular security on custom folders within Reporting, and those same custom folders be displayed within the Console? For the custom folders, the desired configuration for security would be that certain administrators would have full control over Reports in their pertinent folder, but no other folder, and still maintain the ability to "run" the built-in ConfigMgr reports. This is in consideration of the following scenario: 1) One group of support engineers manage the infrastructure and need to have full access to manage and maintain the integrity of the ConfigMgr environment a. This is achieved/configured. Just outlining the tiered support structure 2) Support is provided to admins that do not have full control in ConfigMgr, and the admins are delegated access through RBA for maintaining the systems they manage a. This is where the Reporting rights come in to play. These admins would need to be able to create custom reports for their assets, but not have control over the canned ConfigMgr reports, except to run the report, and would not have the ability to manage any other admins reports outside of their own site designation If Security Scopes extended to the Report objects, we could offer that granularity easily. Just wanted to make sure if this is even a possible and, importantly, a supported configuration. I've read some information on what will change with R2 for Reporting and RBA, but didn't really see if that level of security was being introduced or not. I hope this all makes sense. Thank you! Best regards, Megan Wills [email protected]<mailto:[email protected]>
