Hi, I sat in on a meeting today about ssrs security. It was with a company that bought our company and is moving away from a very expensive competitor of ssrs so i'm assuming for this discussion they have a very current enterprise product.
The gist of the meeting went like this...
Before they get too involved with the neat stuff MS offers for security, they want to divide responsibility as follows:
1) data level security in sql server tables
2) role level security in ad (eg publisher, browser etc)
3) functional (eg accts payable, manufacturing etc) security in ad either separately from # 2 or "permutated" across
I told someone offline that I would check into the community's feeling on #2 and #3. I told them my reason was that normally admins get all roles anyway, and specific job titles normally get just browser and report builder. Does the community have a response?