User rights to data

To ensure that users have access to the desired report data and that other specified users are excluded from the same data, Reporting Services uses the concept of Rights. Rights associate report structures with users, roles or user groups. Report structures contain elements which are connected to data in the data source through the data connection. Including elements in a structure and assigning rights to the structure to one or more users ensures that users have access to the report data they require.

Once a reporting right is defined, reporting structures and associated data elements must be associated with it. Most commonly, one rights record is created for each Reporting Services user, though some organizations may choose to set up a right for each role in their organization. Each right may include multiple structures. For example, a right might have a structure with element values for a GL Accounting Unit for distributing financial reports, an HR structure for filtering reports relevant to a user's employees or their own HR information (for example, time card and benefits), and a Location structure for inventory or office supplies.

User rights to structures and contained elements

You can filter elements in a structure so that specific users or user groups have read access to specific elements. That is, you can create filters that allow certain users read access to structures where one or more elements contain specific values. Specifically, the sets of filtering values are the Rights a user has to a structure.

For example, the common reporting structure is based on the General Ledger Hierarchy. A General Ledger structure would be built in one of two ways:

  • A GL accounting unit structure might consist of two elements, Company and Accounting Unit
  • A GL level structure might have two elements, Company and Level Address

Each user and role would then have a Right established with specific values for each of the elements in the structures. For example, user 1491 might be able to see the structure for Company ABC and Accounting Units 1000, 1010, 1020, and 1030. User 2182 might have access to the structure for Company XZY and Accounting Units 3010, 3020, 3030 and so on. This arrangement makes maintenance easier when users are transferred to different divisions or departments, or when users need to get reports from departments outside their defined role in the organization. For example, if user 1491 is transferred from division 100 to division 200, you can edit user 1491's rights and change the Accounting Units to 2000|2010|2020|2030.

Users with identical rights can be included in one user group for ease of maintenance. In addition, you can move users in and out of user groups as required.

The elements that you want to filter on must be in the report.
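
The filtering described above can be modelled as a default-deny check over report rows. The following is an added example, not Reporting Services code: the function names, the dictionary layout and the sample report rows are assumptions made for illustration, while the users, companies and accounting unit values are the ones used in this section.

```python
# Added illustration, not Reporting Services code: rights modelled as
# per-element sets of allowed values. All names here are assumptions.

def parse_values(spec):
    """Split a pipe-delimited value list such as '2000|2010|2020|2030'."""
    return {v.strip() for v in spec.split("|") if v.strip()}

def build_rights():
    """Constructed sample rights: user -> structure -> element -> values."""
    return {
        "1491": {"GL Accounting Unit": {
            "Company": parse_values("ABC"),
            "Accounting Unit": parse_values("1000|1010|1020|1030")}},
        "2182": {"GL Accounting Unit": {
            "Company": parse_values("XZY"),
            "Accounting Unit": parse_values("3010|3020|3030")}},
    }

# Constructed sample report rows; the last row lacks the Accounting Unit element.
REPORT = [
    {"Company": "ABC", "Accounting Unit": "1000", "Amount": 100},
    {"Company": "ABC", "Accounting Unit": "2000", "Amount": 200},
    {"Company": "XZY", "Accounting Unit": "3010", "Amount": 300},
    {"Company": "ABC", "Amount": 400},
]

def visible_rows(rights, user, structure, rows):
    """Return the rows a user may read. Default deny: a user with no right to
    the structure, or a row missing a filtered element, yields no access."""
    filters = rights.get(user, {}).get(structure)
    if not filters:
        return []
    return [row for row in rows
            if all(el in row and str(row[el]) in allowed
                   for el, allowed in filters.items())]

def set_element_values(rights, user, structure, element, spec):
    """Replace one element's values, e.g. when a user changes division."""
    rights[user][structure][element] = parse_values(spec)

if __name__ == "__main__":
    rights = build_rights()
    print([r["Amount"] for r in visible_rows(rights, "1491", "GL Accounting Unit", REPORT)])
    set_element_values(rights, "1491", "GL Accounting Unit",
                       "Accounting Unit", "2000|2010|2020|2030")
    print([r["Amount"] for r in visible_rows(rights, "1491", "GL Accounting Unit", REPORT)])
```

In this model, replacing the value list removes the old accounting units in the same step, so a transferred user does not keep access to the previous division's rows.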

Importing rights

As a way to expedite building user rights, Reporting Services provides the ability to import a CSV, XML, or JSON file containing rights information. This file is normally created by exporting rights data from another system into a CSV, XML, or JSON file, which is then imported into Reporting Services. In addition, you can create and modify a rights file in a text editor or use a text editor to correct errors in any CSV, XML, or JSON file.

To successfully import a rights file into Reporting Services, the following requirements must be met:

  • The elements you want to use must exist in Reporting Services.
  • The structure you want to use must exist in Reporting Services.
  • The users contained in the rights file are valid Reporting Services users.

Reporting Services does not import CSV, XML, and JSON files that contain errors. The file must be completely standardized and validated before it is loaded into the system.

For more information about writing a valid file, see Working with CSV, XML, and JSON rights files.