Management Reporter Security: The Basics

Person typing on a keyboard

I have previously posted about the tendency to not think about security until the end of a project. This is just as true with Management Reporter as it is with Dynamics GP and SQL Reporting Services. However, as with anything else, thinking about security early in the report design process can be critical to efficient and successful implementation.

Let’s break down Management Reporter security in to three basic areas:

  • Company access, validated with your Dynamics GP credentials
  • Management Reporter access, controls the functions a user can complete
  • Report access, controls access to reports, folders and reporting units

Let’s start from the beginning, with company access. Within Management Reporter, you can control which companies a user can access. This would apply to those users accessing the Report Designer.

Management Reporter | Security | Users

Right-click | New User or Modify (to modify existing user)

Company Access tab

Reporter Security

Users granted access to a company in Management Reporter can select the company as default when accessing the Report Designer. Company access also can be controlled by security groups (Management Reporter | Security | Groups) and assigned to the user using the Groups tab. Please note if a user is assigned to the Viewer security role, the Company Access tab is not relevant and the company access cannot be enabled.

Users given access to a company in Management Reporter will be prompted to enter the credentials when accessing that company. Users will need to use their Dynamics GP credentials to access the company, as this is how Management Reporter confirms the user has access to the corresponding Microsoft Dynamics GP database.

The second layer of security mentioned above, Management Reporter access, also is controlled in Management Reporter through Security | Users.

Management Reporter | Security | Users

Right-click | New User or Modify (to modify existing user)

General Tab

Reporter Security

You can assign a selected Windows user—use the Search button to locate a domain user—to a specific role in Management Reporter. This, in turn, controls what they can or cannot do. The available roles are:

  • Viewer—View reports published to the Reports Library
  • Generator—Generate and export reports
  • Designer—Create building blocks (rows, columns, trees and report definitions) as well as generate and view reports
  • Administrator—Complete all activities in Management Reporter

Incidentally, the licensing for Management Reporter generally follows two different categories of users:

  • Administrator/Designer users—Limits number of users that can be configured as administrators or designers
  • Viewer/Generator—Limits number of users that can be configured as viewers or generators

The final element of security outlined above is Report Access. This can be controlled in three key ways:

  • Building block security
  • Reporting tree unit security
  • Report library security

Building block security is the ability to protect a building block from edits; a password is required to make changes to the building blocks. This security is enabled by opening a building block (row, column, tree or report definition) and clicking the Protect/Unprotect icon.

Open building block

Click Protect/Unprotect icon

Enter and confirm password to apply protection to prevent edits

Reporter Security

Once a building block is protected, users will be prompted to enter the password in order to open the building block for editing. If no password is entered, the building block is opened in read-only mode.

The second method to control report security is through Reporting Trees.

Open Reporting Tree

For selected reporting unit, navigate to Column L—Unit Security

Click to open Unit Security window

Reporter Security

Users and groups entered on a reporting unit will be restricted to viewing only the units to which they are assigned. This will affect the user’s ability to view the different reporting units in the Report Viewer when a report is published.

The final aspect of report security is the actual Report Library security. This controls the folders and individual reports a user can see in the Report Library. It is important to note administrators can see all reports in the Report Library.

Report Viewer

Right-click on Library or other subfolder | Report Library Permissions

Reporter Security

Assigning users or groups to a folder grants them access to that folder and its contents. For example, users assigned to the Report Library root folder automatically will gain access to all subfolders and reports. You also can right-click on an individual report within the Report Library and grant access to a specific report.

In my experience, it is easier to create folders for each report group/security group and assign the appropriate permissions to the folders. Then, any report you publish to a selected folder will automatically inherit the permissions from the folder. Within the Report Library permissions window, you can control the specific View, Edit, Create and Delete permissions for the selected folder/report.

P.S.:  After setting up your folders in the Report Library, don’t forget to update the output path on the Report Definition to the correct folder within the Report Library!

For more information on Management Reporter security, or for assistance in configuring security for Management Reporter, contact us at gpsupport@bkd.com.

Kate & Ben — How can we help you? Contact Us!

How can we help you?