For some customers the only people running and viewing reports are the same as the ones who already have advanced rights in SCOM. If they are admins they can see and run reports as they please. However in many cases we need to allow application owners and managers to view and run SOME of the reports in SCOM. Just as with operator roles for viewing alerts and health states and performance graphs, which you can limit to certain views or groups of servers, you can also create a report operator role to view certain reports you have created for them to view and run. The process of creating a new report operator role is not the difficult part, however in most cases the last important step is being forgotten. When you run the wizard to create a new report operator the last step will show you an identifier. You will need this ID to assign some rights for that group (identified by the ID) in SQL Reporting Services. It is all spelled out in the procedures, but like I said most forget it and ask themselves why the report operator cannot access their report. I confess to have forgotten it in several occasions as well, because first of all clicking through the last screen too fast (ignoring what it says) and wanting to move forward too fast. But it is easily fixed by following the procedure.
If you don’t you will get an error like this:
Loading reporting hierarchy failed. The permissions granted to user ‘yyy’ are insufficient for performing this operation.
For this I will refer to two posts made by Marnix Wolf who has explained it all – with screenshots – so no point in repeating the excercise:
http://thoughtsonopsmgr.blogspot.com/2010/08/user-with-report-operator-role-in-scom.html
http://thoughtsonopsmgr.blogspot.com/2010/08/how-to-scope-scom-r2-reports-for.html
Back to the SCOM Tricks general list
