Create Report Viewer Role in SCCM 2012 R2

12814

Create Report Viewer Role in SCCM 2012 R2 In this post we will see the steps to create report viewer role in SCCM 2012 R2. Last week when I was working on SCCM 2012 R2, I got a request from two users that they need access to run the SCCM reports. I had heard about the RBA which provides Configuration Manager 2012 Administrators with a security model and the ability to assign and manage administrative permissions. RBA is accomplished by using Security Roles, Security Scopes and Collections in Configuration Manager 2012. SCCM 2012 R2 comes with built in Security Roles and one such role is Read-only Analyst role. Initially I thought I would give users access to Read-only Analyst role but this role grants permissions to view all Configuration Manager objects and I didn’t want the users to view all Configuration Manager objects. In such situation you will need to create report viewer role in SCCM 2012 R2 and grant the users access to specific nodes.

Create Report Viewer Role in SCCM 2012 R2

For example a user Eric who doesn’t have access to read and run the reports, when he tries to access the reports he gets the error shown in the below screenshot. Now, if Eric needs access to read the reports then we need to grant him the access to it.

Create Report Viewer Role in SCCM 2012 R2

In the CM console navigate to Administration -> Security -> Security Roles. Right click on Read-only Analyst role and click Copy.

Create Report Viewer Role in SCCM 2012 R2

Specify the name for the new security role and add the description. Go through all the security settings and customize the permissions and set it to Run Report. Once you are done, click OK.
Note – After this step if the users with these permissions are able to run and open reports but if there is no data displayed then add the Read permission to each section where you specified just Run Report permission.

 

Create Report Viewer Role in SCCM 2012 R2

Under the security roles, we now see a new role has been created.

Create Report Viewer Role in SCCM 2012 R2

To add the user to this new role, right click on Administrative Users and click Add User or Group.

Create Report Viewer Role in SCCM 2012 R2

Click Browse and add the User/Group. Next add the security role that you created in the above step. Click OK.

Suggestion – Instead of adding single users to this role, my suggestion would be that you create a group in ADUC and add the users who need access to reports to that group. You can add the same group to the report viewer role.

Create Report Viewer Role in SCCM 2012 R2

  • Steven Parein

    Thanks for the tutorial.
    Did anyone manage to give access to Application Deployment reports only?

  • Hossam Wael Elmosallamy

    also I found that you must give read permission to the collection section in the permissions list if the report have a Collection Variables 🙂