There is no specific “Report” permission, Query permissions control access to reports:
- Query (edit all users).
The Query permission is necessary for users to access the Queries/Reports module, and it grants the ability to create a report. It will also grant users the ability to see a report by navigating directly to the report using a report-specific URL. However, users with the Query permission only will not see a listing of reports in the Report Builder module even if they created the reports themselves (since reports do not have a user).
Query (edit all users)
In practice, this means that the Query (edit all users) permission is necessary to see the list of reports in Queries/Reports. Since the Query permission already grants a user the ability to create reports using all available data, the Query (edit all users) permission does not allow any greater access.
Since reports are designed in general to share aggregate data, there is not a report “user” value (as there is with a query).
While the Query permission is necessary to create a report, a user must have access to a Query Base to access the necessary data. Access to query bases is controlled by two global permissions:
Access to a Query Base can also be granted via the Read Permission on each Query Base.
Controlling Access to Reports
User access to reports can be managed using Realms or Sharing Permissions.
To allow users restricted access to only certain reports in Report Builder, reports can be put in Realms. In the Queries/Reports module, a user with a Realm permission and Query (edit all users) will only see reports in the appropriate realm as long as all reports are in a realm. Reports that are not in a Realm can be seen by any user with the Query (edit all users) permission.
A user with the Query permission only and not the Query (edit all users) permission who has been granted access to report as a Grantee with the Display Report permission using Sharing Permissions can see and edit the report in the Queries/Reports module.
Reports on the Homepage
Users can also be granted access to a report outside the Queries/Reports module by adding the report to the System tab/Homepage sub-tab folder.
Any user with the Query (edit all users) permission or a user added as Grantee on the report using Sharing Permissions will see the report on the Homepage tab. Users added as Grantees on certain reports and without the Query (edit all users) permission will only see reports to which they have been added as a Grantee. This is a recent update to this functionality (previously, Grantee permissions were not honored on Homepage tabs).
Realm permissions can also be used to control which users see which reports on the Homepage. Users will only see report tabs for reports in their realm or realms.