Create Report Viewer Role in SCCM 2012 R2

Prajwal Desai
Posted by Prajwal Desai

Create Report Viewer Role in SCCM 2012 R2 In this post we will see the steps to create report viewer role in SCCM 2012 R2. Last week when I was working on SCCM 2012 R2, I got a request from two users that they need access to run the SCCM reports. I had heard about the RBA which provides Configuration Manager 2012 Administrators with a security model and the ability to assign and manage administrative permissions.

RBA is accomplished by using Security Roles, Security Scopes and Collections in Configuration Manager 2012. SCCM 2012 R2 comes with built in Security Roles and one such role is Read-only Analyst role. Initially I thought I would give users access to Read-only Analyst role but this role grants permissions to view all Configuration Manager objects and I didn’t want the users to view all Configuration Manager objects. In such situation you will need to create report viewer role in SCCM 2012 R2 and grant the users access to specific nodes.

Create Report Viewer Role in SCCM 2012 R2

For example a user Eric who doesn’t have access to read and run the reports, when he tries to access the reports he gets the error shown in the below screenshot. Now, if Eric needs access to read the reports then we need to grant him the access to it.

Create Report Viewer Role in SCCM 2012 R2

In the CM console navigate to Administration -> Security -> Security Roles. Right click on Read-only Analyst role and click Copy.

Create Report Viewer Role in SCCM 2012 R2

Specify the name for the new security role and add the description. Go through all the security settings and customize the permissions and set it to Run Report. Once you are done, click OK.
Note – After this step if the users with these permissions are able to run and open reports but if there is no data displayed then add the Read permission to each section where you specified just Run Report permission.

 

Create Report Viewer Role in SCCM 2012 R2

Under the security roles, we now see a new role has been created.

Create Report Viewer Role in SCCM 2012 R2

To add the user to this new role, right click on Administrative Users and click Add User or Group.

Create Report Viewer Role in SCCM 2012 R2

Click Browse and add the User/Group. Next add the security role that you created in the above step. Click OK.

Suggestion – Instead of adding single users to this role, my suggestion would be that you create a group in ADUC and add the users who need access to reports to that group. You can add the same group to the report viewer role.

Create Report Viewer Role in SCCM 2012 R2

Share This Article
Prajwal Desai
Posted by Prajwal Desai
Follow:
Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.
8 Comments