Hi! This should be simple, but I can't seem to get it to work. I need to deny access to a specific user in our organization to our Reporting Services implementation. The current model assigns 'Content Manager' to 'BUILTIN\Administrators' and 'DOMAIN\SSRS_Admin'. The model assigns 'Browser' to 'Everyone'. I would like to disable access for one specific user: 'DOMAIN\baduser'. I've played with role assignments and assigning baduser to a limited access role, but I can't figure out how to do this. Anyone help? Thank you!DJAnsc

Hi DJAnsc, From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let me know. Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference: Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser". Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting Access" part of the following blog: How to Create Advanced Firewall Rules in the Windows Firewall Regards, Mike Yin TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Mike Yin TechNet Community Support

Hi DJAnsc, From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let me know. Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference: Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser". Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting Access" part of the following blog: How to Create Advanced Firewall Rules in the Windows Firewall Regards, Mike Yin TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Mike Yin TechNet Community Support

Hi DJAnsc, From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let me know. Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference: Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser". Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting Access" part of the following blog: How to Create Advanced Firewall Rules in the Windows Firewall Regards, Mike Yin TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Mike Yin TechNet Community Support

Hi DJAnsc, From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let me know. Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference: Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser". Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting Access" part of the following blog: How to Create Advanced Firewall Rules in the Windows Firewall Regards, Mike Yin TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Mike Yin TechNet Community Support

Hi DJAnsc, From your description, you want to disable the access to the report manager for one domain user that is in the "Everyone" group which has the "Browser" Item-level permissions on the report server. If I have anything misunderstood, please feel free to let me know. Based on your scenario, this cannot be done by simply setting the Item-level or System-level permissions on the report server or report manager. To achieve your goal, there are two suggestions for your reference: Contact the Active Directory Administrator to create another group that doesn't contain the "DOMAIN\baduser". Create a Windows Firewall Outbound Rules to block the specific IP address to access the SQL Server program or the specific TCP port that you use in the report manager URL. For more information, please see the "Example Rule: Restricting Access" part of the following blog: How to Create Advanced Firewall Rules in the Windows Firewall Regards, Mike Yin TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.Mike Yin TechNet Community Support

Thank you, Mike. This was as I suspected. It's unfortunate that there is not a simpler way to disable a specific user. Thanks again.DJAnsc

Thank you, Mike. This was as I suspected. It's unfortunate that there is not a simpler way to disable a specific user. Thanks again.DJAnsc