• Here is what I would do in such case. In fact this is what we have in our project.

    Let's say you simply have two different groups of users,

    1) with Administrative rights/Developers

    2) Report Users who just runs reports that's it.

    In this case. go to your Report Manager Site.

    On right hand side you have Site Settings. Click on that.

    then go to " Configure Item Level role definitions"

    Here, click on Report Viewer:

    You will find all different tasks assigned to this Role.

    You need to check only two of the tasks from the list. those are: View Folders and View Reports.

    Click on OK.

    So here you modified your report viewer role.

    Now go back to home page on Report Manager.

    Click on folder that you wanna configure for security.

    Click on Properties.

    Click on Security.

    Click on New Role assignment and assign your domain group/User to this new created role: Report Viewer. Make sure you check only one role there. There you are all set on Reporting Services Side.

    Now, on Windows side you need to make sure that these users are not part of BUILTIN\Administrators GROUP by any chance. If they are then there is no use of Report Viewer Role we just created. So remove intended users from BUILTIN\Administrators Group and assign new domain group for them. and then go back to report manager and assign this new domain group to Report Viewer Role for specific folder and report both.

    Hope this helps. Let us know if it works or not for you!!!

    -RP

    -RP