Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

SolomonovAnton

Create a custom role in Power BI Report Server (SSRS): step-by-step

Create a custom role in SSMS (item-level example)

  1. Connect to Reporting Services
    Open SSMSConnectReporting Services → enter your Web Service URL (e.g., http://<server>/reportserver).
    PBI_Roles1.png
  2. Add a new role
    In Object Explorer: Security → RolesNew Role. Give it a name and description. Pick the item-level tasks you need. Save.
    PBI_Roles2.png
  3. Assign the role
    Go to the web portal (/reports) → Site settings / folder Manage → SecurityAdd group or user → choose your custom role. Repeat where needed (inheritance applies to child folders unless you break it).

PBI_Roles3.png

 

 

Case study 1: “Viewer & Export (no publish)”

 

Goal: Allow users to open reports and export to PDF/Excel/CSV from the toolbar, but block publishing/overwriting content.

Why this role is useful: It’s perfect for wide readership audiences who should consume and export, but never alter or deploy reports.

 

How to build it (tasks to tick):

  • View Folders
  • View Reports (enables interactive view + export)
  • View Resources (optional, if you store files like images/help)
  • Manage Individual Subscriptions (optional: let users manage their own subscriptions only)
  • Manage Reports (keeps users from uploading, replacing, deleting, setting properties like data sources/report history)
  • Manage Folders / Manage Data Sources / Manage Shared Datasets / Manage Permissions

 

Important limitation: Downloading a source file (e.g., .RDL and, where applicable, .PBIX) is governed by manage-level capabilities. There is no separate task that says “download source but not publish”. In other words, you can allow exported renderings (PDF/Excel/etc.) with View reports, but you cannot allow downloading the source while blocking publish/replace. Tasks are predefined and can’t be split further.

 

Case study 2: “Data Source Curator”

 

Goal: Allow a central data-ops team to manage shared data sources without touching report content.

 

Tasks to tick:

  • View Folders, View Reports, View Resources (for context)
  • Manage Data Sources (create/update connection strings/credentials)
  • Manage Reports / Manage Folders / Manage Shared Datasets / Manage Permissions

Testing & troubleshooting checklist

  • Role scope: Did you create an item-level or system-level role (not mixed)?
  • Assignment level: Is the role assigned at the right folder (and inherited), or did you break inheritance somewhere?
  • Least privilege: Start with minimal tasks (e.g., View Reports), add more only if a real need appears. Tasks can’t be customised, so keep roles simple.

Official Microsoft docs (recommended reading)

Wrap-up

Custom roles in Power BI Report Server are straightforward once you remember two things: create them in SSMS, and compose them from built-in tasks. With patterns like Viewer & Export (no publish) and Data Source Curator, you can tighten governance without slowing the business down. 

Comments