ConfigMgr: Creating and Editing Custom Reports Permissions

Prereqs to be able to create, modify and save reports that are built-in or imported/uploaded:

Create SCCM Reporting Permissions

It is recommend to create 2 new roles for Reporting Admins:
1. Run and read reports = Reporting Analyst
2. Run, modify and read reports = Reporting Admin
You can do this by going to Administration > Security > Security Roles.

Start off by copying (right-click) the Read-only Analysts role and call it Reporting Analyst (run and read reports). Ensure that Run Reports and Read is set for each Permission listed (e.g. Alerts, Antimalware Policy and so on) that you want the user to be able to view.

Once you’ve created this role, you can copy the Reporting Analyst role and call the new one Reporting Admin (modify reports). Now for each permission that you previously set Run Reports and Read, add the Modify Report privilege.

Assign SCCM Reporting Permissions to User

Once completed, we need to assign the new role to an Administrative User. From the same workspace, click on the Administrative Users node (Administration > Security > Administrative Users). Right-click or select Add User or Group from the ribbon and find your AD user account, select it, then click on Add… and add the Report Administrator role. Make sure that All instances of the objects that are related to the assigned security roles is selected and click on OK.

As per Technet:
The user account must have Site Modify permission and Modify Report permissions on the specific objects associated with the report that you want to modify.

SQL Configuration for Reporting

Connect to SQL database using SQL Server Management Studio and create New Login under Security > Logins with public, smschm_users and db_datareader under User Mappings.

Leave a Reply

Your email address will not be published. Required fields are marked *