SCCM 2012–Reporting in console for non-admins (Reporting User Role) v2

Hi,

Sorry for the re-post but first time posting and having a few issues ironing out how to get it to post right…

I recently ran into the an issue with reporting for non-admin users on a SCCM 2012 implementation and since I had issues finding the resolution I decided it may be prudent to post the resolution.

Issue:

Create a User  under “Administrative Users” with scoped role, eg Workstation Admin and you give them the various roles and the console looks great except when you get to reporting where you get the “No items found” message.

image

 

If you access the reporting server directly with IE, the user is able to access the reports.  It’s just not working in the SCCM Console.

Following through the advice of others  and following the Coretech blog on how to create the Reporting User role and no change, Users still didn’t have access to reporting through the console.  The instructions are almost right, but they need a little correction and additional explanation to get it all to work.  I had to complete the following steps:

1) Under Security Roles select the “Read-Only Analyst role, right click and copy

2) Name the Role “Reporting User” and remove all settings except Run Report with the exception of Site which also needs Read access.

image

This was one of the items that caused me issue, thanks to Brian Mason on the mssmslist to get me thinking in that direction.  The role needs the read access to the site otherwise it can’t read the Reporting Point configuration.

3) Proper configuration of the “Administrative User” with multiple security roles assigned

image

was the other missing piece.  When you scope a user you remove the default scope and put in a narrower one so they only see items like the workstation collections and therefore remove the Default security scope.  Removing Default is also what will then prevent the Reporting Role user from seeing the site configuration and you will still have the No items found message under reporting.  what is required is to change the Security Scopes which may look like:

image

by clicking on the “Associate assigned security roles with specific security scopes and collections” which allows more granularity

image

then select the Reporting User role and click Edit and add the Default security scope to the role (Gives access to read the site configuration information to find the reporting point).

image

Click OK and Apply and you should now have a fully working reporting role. 

Hopefully you will find the above information helpful in solving that No items found message in your delegation.

Leave a Reply