Assigning SSRS permissions to your users
This document explains how to assign SSRS permissions for your users once the support team has created an account and applied “Limited View” permissions to your company’s PG folder.
Why does MYOB PayGlobal Support not do the complete setup of SSRS permissions for the client as part of their processes? Support does apply permissions, except in the scenario where an organization wants to control what users have access to what folders and reports. That kind of control requires breaking the permissions inheritance model and applying the required permissions to the folders, subfolders and reports.
There is another option, you can engage a consultant to re-arrange your folders to make this job easier. For example, you only have a few reports that you want to specifically control the access for, these reports can be placed in one folder that has broken inheritance, where all other folders inherit their security from the folder that comes before it.
The example below uses PG1231AU as the company, but your PG###### number will be different.
When a new user account is created, their login to SSRS will be their FirstName.Lastname unless you were advised otherwise by support. E.g. John.Smith. This is the user you will apply permissions to.
Click on Live to move into that folder.
You can change between Details View and Tile View by clicking on the button of that name.
As PayGlobal Support will give Limited View access to the PG1231AU folder (again – yours will be different), you need to provide access to subsequent folders and reports.
Hover your mouse over the LIVE folder to choose the down-arrow and Security option.
Note, you can also click on the LIVE folder and then click Folder Settings from the top of the screen.
If the folder security has option to Edit Item Security? This means that the inheritance has not been broken between this folder and the folder before it. Therefore, the same security is applied.
However, if you see the option to Delete or New Role Assignment along with the ability to individually assign and edit permissions, then the security inheritance has been broken to this folder. That is, someone has clicked on “Edit item Security” as shown in the previous screenshot to have more control over access.
Click to view the security of ALL your folders and ALL your reports to see where you need to apply permissions. In some cases, you may only need to apply specific permissions to some folders and reports. In other cases, we have seen some organisations have broken the inheritance entirely in all folders AND reports.
You must also click to view the security on individual reports in folders to see if you need to apply security to those individual reports too.
Once you are familiar with the folders, reports and security in place, you can assign or remove permissions to users.
To assign permissions, don’t forget you must do this for each folder leading up the report you will be providing access.
Click New Role Assignment.
if you see an error indicating a user is not recognized. Click the back button.
You will need to select the user and delete them as they no longer exist.
The same error may occur for a different user that no longer exists, click back and select them also and click Delete. Keep going until you have successfully removed all users that no longer exist.
Once you can successfully add the New Role Assignment, you can apply permissions to the user by selecting their user name and also selecting Limited View.
In the example above, Test.User has been provided with Limited View access to the Finance folder.
You will only be assigning Limited View to ALL folders leading up the folders or reports. Limited View only gives enough permissions for this user to view subsequent folders that they have access too. If you don’t provide further access, this user will not be able to view anything.
On the final reports, you will be assigning Client Admin. This allows the user to actually run the report.
The same user has been provided with Client Admin access to the Cost Analysis report in the Finance folder.
If a user is able to see any folders beyond a certain point, this means they have not been provided with any permissions beyond that.
In the example below, I have only given Test.User access to Finance and HR folders. When they login, they cannot see the other folders (Gender Equality & Rostering).
