Power BI Report Server: Checking Folder and Report Permissions with a Paginated Report

Power BI Report Server: Checking Folder and Report Permissions with a Paginated Report

Managing permissions in Power BI Report Server can feel like navigating a maze. Just like in Windows, you can assign permissions to folders or individual items, and you can even break inheritance at any level to redefine access. While this flexibility is great, it can quickly become hard to manage—especially in larger environments.

Keep It Simple: Best Practices for Permission Management

Here’s my recommendation:

  • Keep your folder structure simple.
  • Use inheritance wherever possible.
  • Group reports with similar access needs into the same folder. This makes permission management much easier and reduces the risk of misconfigured access.

If you’re new to this topic, check out Microsoft’s documentation:
Roles and permissions in Reporting Services – SQL Server Reporting Services (SSRS) | Microsoft Learn
It’s a great resource to understand how roles and permissions work in SSRS.

Why I Built a Paginated Report for Permission Checking

To keep track of permissions and spot inconsistencies, I built a paginated report that shows only folders where permissions differ from their parent. This helps identify where inheritance has been broken or where custom access rules have been applied.

What the Report Shows

The report is designed to highlight only folders with custom permissions. For example:

  • If Sales/Monthly and Sales/Yearly have the same permissions, they won’t be listed.
  • If Sales/Management has different permissions, both Sales and Sales/Management will appear.

Each permission entry includes an “X” marker to indicate whether a specific group has access. You can also switch the report to show individual reports—whether paginated or Power BI.
If you need a list of each and every folder or report you can play with the view definition or even better make it another report parameter 😊.

Just uncomment this line:

		/* no inherited roles from parent folder*/
			pur.policyid NOT IN  (SELECT x.PolicyID FROM dbo.[Catalog] x WHERE x.ItemID = c.ParentID) 

Installation Steps

  1. Download the files
  2. Create the View
    In your ReportServer database, create a view named RSPermissions.
  3. Grant Permissions
    Make sure the appropriate users have SELECT permissions on the view.
  4. Open it in Report Builder and change the data connection to your Report Server.
    • You may need to adjust the credentials (default is “Use current Windows user”).
    • There’s a video walkthrough available if needed.
  5. Preview the report and save it.
  6. Upload the .rdl file to your Power BI Report Server.
  7. Make sure the user accessing the report has read access to the ReportServer database.

Pro Tip for Mixed Access Scenarios

Do you have folders that are accessible to customers, but contain some reports meant only for internal use?
Here’s a trick:
Create a separate subfolder with the same name (e.g., Sales/Internal) and move internal-only reports there. Then use this report to verify that only internal users have access—and that inheritance has been properly broken if needed.
Then you can use a SQL like this for alerting…just fill in the placeholder in the last line 😉:

SELECT *
FROM dbo.RSPermissions
WHERE PathUnformatted LIKE '%/internal'
AND UserName NOT LIKE '<Pattern for internal users>

This report has helped me avoid permission headaches and keep our Report Server clean and secure. If you’re managing access for multiple teams or clients, it’s a must-have tool.

Disclaimer

This article was created based on my personal notes with support from Microsoft Copilot. While Copilot assisted in structuring and refining the content, all technical details have been carefully reviewed and developed by me.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.