Add 'Access Granted To' functionality to Reports

[will.good]

Hi,

Can we raise an enhancement to add 'Access Granted To' functionality to reports across the system.

This would help with allowing us to publish reports that individual groups / users can run without having to run this for them.

E.g. we have several reports that we have to run sometimes for people e.g. a report to show the requests raised from a particular site / company or for a particular category.

We have to run these on behalf of people because if we give them access to run the report themselves they can see all reports, even if we only provide them with the ability to run reports and not edit them. Having the ability to only provide access to a particular report for example would mean we could just allow them to run this themselves.

At the minute only a couple of users on our instance have access to reporting because a reporting user can see all reports (which has been a frustration for years).

[Gareth Cantrell]

+1

[Peter Clough]

+1, this would be very helpful with some of the reporting we anticipate needing in the next 3-6 months.

[James Ainsworth]

Hi @will.good

Thanks for your post.  I have a question about data.  This requirement, which replicates a feature that is available on workflows, would not control access to the data used for report creation.  I just want to confirm that your requirement is all about just controlling the visibility of the reports that have been created and is not about controlling access to the underlying data?

[will.good]

16 minutes ago, James Ainsworth said:

Hi @will.good

Thanks for your post.  I have a question about data.  This requirement, which replicates a feature that is available on workflows, would not control access to the data used for report creation.  I just want to confirm that your requirement is all about just controlling the visibility of the reports that have been created and is not about controlling access to the underlying data?

Hi @James Ainsworth

Exactly that - my thought process is below

We want to be able to let John run an ad hoc report where he can input a variable (such as a request ID / Team ID)

We can give John the access he needs to be able to run the report (through the Reporting User role). However, this doesn't stop John running any of our other reports.

Being able to share the report with John (or a role / group relevant to John) ensures that we are still in control of the data that he can see and he only sees what is permitted.

[James Ainsworth]

33 minutes ago, will.good said:

Being able to share the report with John (or a role / group relevant to John) ensures that we are still in control of the data that he can see and he only sees what is permitted.

I'm assuming that "John" has the Reporting User role, so he can't create or edit reports?

[will.good]

3 minutes ago, James Ainsworth said:

I'm assuming that "John" has the Reporting User role, so he can't create or edit reports?

Yep

[Sam P]

+1 this would be a great feature / enhancement

[HGrigsby]

+1 for this from us as well.  

[samwoo]

+1 

[Berto2002]

+1 for allowing defined users to run reports that we have previously configured for them.

However, we use a couple of ways to get the report data to others anyway:

1. Schedules can be set-up to regularly email the result outputs to the people that need them
2. We run the data extract utility on a daily schedule for a whole bunch of reports which stores a refreshed csv file for every report in a permissions-controlled Sharepoint folder; our user groups then use that as a data source for Power BI to build their own reporting.