Role-Based Access to Reports and Resources

To grant access to reports and resources, you can allow users to inherit existing
role assignments from a parent folder or create a new role assignment on the item
itself.

In most cases, you will probably want to use the permissions that are inherited
from a parent folder. Setting security on individual reports and resources should
only be necessary if you want to hide the report or resource from users who do
not need to know that the report or resource exists, or to increase the level of
access for a report or item. These objectives are not mutually exclusive. You can
restrict access to a report to a smaller set of users, and provide all or some of
them with additional privileges to manage the report.

You may need to create multiple role assignments to achieve your objectives. For
example, suppose you have a report that you want to make accessible to two
users, Ann and Fernando, and to the Human Resource Managers group. Ann and
Fernando must be able to manage the report, but the Human Resource Managers
members need only to run it. To accommodate all of these users, you would
create three separate role assignments: one to make Ann a content manager of the
report, one to make Fernando a content manager of the report, and one to support
view-only tasks for the Human Resource Managers group.

Once you set security on a report or resource, those settings stay with the item
even if you move the item to a new location. For example, if you move a report
that only a few people are authorized to access, the report continues to be
available to just those users even if you move it to a folder that has a relatively
open security policy.

Regards,
Hossein Karimi