How to set permission for multiple users in SSRS Report using SQL Query?

Question

I am working on a SQL Server Reporting Services (SSRS) report project in which I have to give access to 150 different users who have different roles. Is there any way to provide user access via SQL query which simplifies my work?

Answer 1

I would setup an Active Directory group per role then associate the roles to the report folders. Then it's a matter of managing the AD groups' membership.

In SSRS, new roles and adjustments to existing roles must be performed in SQL Server Management studio, SSMS. After opening up SSMS, click on "Connect" and select "Reporting Services…"

Enter your Server Name and login information and then click Connect.

After connecting to the Report Server, open the Security Folder right click on "Roles" and click on "New Role…"

I created 2 new roles ("Browser Group", "Functional Owner") with the same permission as "Browser".

Then on the report manager click on the down arrow for a folder and select "Security"

Then click "New Role Assignment"

Then enter the Active Directory group or an email address and check the new role you created.

You can then query the server for the permissions and show these in a report.

;WITH 
catalog_type_description
AS
(
    SELECT tbl.* FROM (VALUES
      ( 1, 'Folder')
    , ( 2, 'Report')
    , ( 3, 'Resource')
    , ( 4, 'Linked Report')
    , ( 5, 'Data Source')
    , ( 6, 'Report Model')
    , ( 8, 'Shared Dataset')
    , ( 9, 'Report Part')
    ) tbl ([TypeID], [TypeDescription]) 
    WHERE 
        TypeID = 1
)
, 
nonreport_folders
AS
(
    SELECT tbl.* FROM (VALUES
      ( 'Images')
    , ( 'SharedDataSets')
    , ( 'Data Sources')
    , ( '')
    ) tbl ([FolderName]) 
)
, 
reporting_role_names -- added roles to the report server
AS
(
    SELECT tbl.* FROM (VALUES
      ( 'Browser Group')
    , ( 'Functional Owner')
    ) tbl ([RoleName]) 
)
, 
user_list
AS
(
    SELECT 
          usr.UserID
        , usr.UserName
        , UserNameFormat = 
            CASE 
                WHEN CHARINDEX('\', usr.UserName) > 0 THEN UPPER(SUBSTRING(usr.UserName ,CHARINDEX('\', usr.UserName) + 1, LEN(usr.UserName)))
                ELSE usr.UserName 
            END 
    FROM 
        dbo.Users AS usr
)
, 
reporting_roles
AS
(
    SELECT 
          cat.Name
        , rol.RoleName
        , usr.UserNameFormat
        , ReportingRoleName = rpt.RoleName
    FROM 
        dbo.[Catalog] AS cat
        INNER JOIN catalog_type_description AS tpd ON cat.[Type] = tpd.TypeID   
        LEFT JOIN dbo.PolicyUserRole AS urol ON urol.PolicyID = cat.PolicyID
        LEFT JOIN dbo.Roles AS rol ON urol.RoleID = rol.RoleID
        LEFT JOIN reporting_role_names AS rpt ON rpt.RoleName = rol.RoleName
        LEFT JOIN dbo.Policies AS pol ON urol.PolicyID = pol.PolicyID
        LEFT JOIN user_list AS usr ON urol.UserID = usr.UserID
        LEFT JOIN nonreport_folders AS nrf ON nrf.FolderName = cat.Name
    WHERE 
        1=1
        AND nrf.FolderName IS NULL
)
SELECT DISTINCT
      FolderName = rpt.Name
    , rpt.RoleName
    , UserNameFormat = STUFF((SELECT '; ' + rol.UserNameFormat FROM reporting_roles rol WHERE rol.RoleName = rpt.RoleName AND rol.Name = rpt.Name FOR XML PATH('')),1,1,'')
    , ReportingRoleName
FROM 
    reporting_roles AS rpt

References:

https://social.technet.microsoft.com/wiki/contents/articles/40150.ssrs-how-to-setup-the-folder-security-roles-in-sql-server-reporting-services.aspx

https://code.msdn.microsoft.com/SQL-Server-Reporting-SSRS-50c4d06b

http://bhushan.extreme-advice.com/user-roles-and-permissions-in-ssrs/

https://www.mssqltips.com/sqlservertip/2793/sql-server-reporting-services-2012-permissions/