Managing report access with role-based administration

Users who need to use Management Suite reports must have one of these roles assigned to them in the Users tool:

• ReportingDesigner: This role gives users the ability to create, edit, and run reports.
• ReportingViewer: This role gives users the ability to run reports.

These roles are defaults and aren't editable. Users without one of these roles won't see the console's Reports tool.

In the Reporting console (Tools > Reporting/Monitoring > Reports), reports and the folders that contain them are associated with role-based administration roles. By default, reports and folders have these roles and associated rights:

• Avocent administrator: Folder read, folder write, report read, report write
• LANDesk administrator: Folder read, folder write, report read, report write
• ReportingDesigner: Folder read, folder write, report read, report write
• ReportingViewer: Folder read, report read

Reporting rights do the following:

• Read rights on a folder let users open that folder and see the reports that are visible to them.
• Read rights on a report let users run that report.
• Write rights on a folder let users add reports to a folder or delete an empty folder.
• Write rights on a report let users modify or delete that report.

Reporting rights only apply to the selected object and they aren't recursive. For example, applying read rights to a folder doesn't automatically give read rights to all reports in that folder.

Limiting access to specific reports or folders

By default, anyone with the ReportingViewer role can see all reports and folders. If necessary, you can restrict access to specific reports and folders.

To restrict access to specific reports and folders

1. In the Users tool under Roles, right-click the ReportingViewer role and click Clone.
2. Rename the cloned ReportingViewer role to something more specific, like "Inventory report viewer"
3. Create a new group permission for the users you want to limit, and in the Group permissions dialog, target the Active Directory groups you want. In the roles box, clear the ReportingViewer right and select your new cloned role (Inventory report viewer, for example).
4. Click Tools > Reporting/Monitoring > Reports.
5. In the Reports viewer, open the properties for the report or folder you want to limit by right-clicking it and clicking Edit. Go to the Security page and Add the cloned reporting role you made. You'll need to do this on the parent folder level too, otherwise users with the cloned right won't be able to open the folder to see the report they need access to.