Reporting Services provides different authentication and authorization features for users to communicate with the report server. (For the definition of authentication and authorization, see Chapter 12.) The following subsections discuss these two features.
1. Authentication
Using the right authentication type for your report server enables your organization to achieve an appropriate level of security required by your organization. SSRS offers several options for authenticating users against the report server.
By default, the report server uses Windows Integrated authentication (see Chapter 12) and assumes that a trusted connection exists between clients and the server. (A trusted connection is a special form of connection between a client and the server, where the reporting server trusts that the operating system already validated the account and the corresponding password.)
Depending on your network topology and the needs of your organization, you can customize the authentication protocol that is used for Windows Integrated authentication or use a custom forms-based authentication extension. Each of the authentication types can be turned on or off individually. You can enable more than one authentication type if you want the report server to accept requests of multiple types.
2. Authorization
Authorization is based on roles that you assign to a principal. (For the definition of roles and principals, see Chapter 12.) Each role consists of a set of related tasks, which contain operations specific for each task. For example, the Manage Reports task grants access to the following report server operations: view reports, add report, update report, delete report, schedule report, and update report properties.
You can use SQL Server Management Studio to create, delete, or modify a role. To create a role, start Management Studio and connect to the particular report server instance. The corresponding report server node appears. Right-click the report server node and expand the Security folder. If you are creating an item-level role definition, right-click Roles and point to New Role. (The system roles can be created by right-clicking System Roles.) Type a unique name for the role. Optionally, type a description. Select the tasks that members of this role can perform and click OK. (The other operations can be performed in the similar way.)
Source: Petkovic Dusan (2020), Microsoft SQL Server 2019: A Beginner’s Guide, Seventh Edition-McGraw-Hill Education.