Alternative Active Directory Groups for Report Viewers and Report Authors

Alternative Active Directory Groups for Report Viewers and Report Authors

Alternative Active Directory Groups for Report Viewers and Report Authors
When following the instructions for configuring Business Intelligence within Project Server 2010, two active Directory Groups are created.   The “ReportViewers” Active Directory group is created and designed to determine who is allowed to view business intelligence reports using the Secure Store, and the “ReportAuthors” Active Directory group is designed and created to determine who is allowed to create excel reports.  The key difference between these two groups is “ReportViewers” provides access to reports thru SharePoint Excel Services and “ReportAuthors” provides access directly to the SQL server database.  For example, users in “ReportAuthors” can access data directly from the SQL server ProjectServer_Reporting database whereas “ReportViewers” can access data thru the Secure Store service.
This works well, however the maintenance inefficacy is that someone must maintain two additional AD groups; ReportAuthors and ReportViewers.   Also, in many cases the people identified to be in the project manager, resource manager, portfolio manager and executive active directory groups are probably the same people in the ReportAuthors and ReportViewers AD group.
One of my clients did not want to create and manage the additional AD groups and I agreed.  We thought it would be better to use their current AD groups for project managers, resource manager, portfolio managers and executive management.  This makes a lot of sense to me and so I am blogging this.
There are two approaches that you can use to manage ReportViewers and ReportAuthors.  The first is to just include the Project Manager, Resource Managers, Portfolio Managers and Executive AD groups in ReportViews and Report Authors. This basically follows procedures that are documented from Microsoft, and other groups can also be added if needed. 
The second approach is not to use the ReportAuthors and ReportViewers AD groups at all.  When configuring Secure Services, just add the Project Managers, Resource Managers, Portfolio Managers and Executive AD groups instead of ReportViewers.  And instead of creating the ReportBuilders AD group, just give Project Managers, Resource Managers, Portfolio Managers and Executive AD groups’ Read-Only access to the ProjectServer_Reporting database.  And the third option is a hybrid of approach one and two.
Leave a Comment
  • Please add 3 and 5 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Richard Mueller edited Revision 1. Comment: Improved wording

  • Maheshkumar S Tiwari edited Original. Comment: Added Tag

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Maheshkumar S Tiwari edited Original. Comment: Added Tag

  • Richard Mueller edited Revision 1. Comment: Improved wording

Page 1 of 1 (2 items)