It was recently brought to my attention that users are able to modify SSRS more than their role should allow. The user is a member of a group called SSRSUsers who are granted Browser role in SSRS. However this user can somehow modify permissions, run report builder, among other things. This should not be the case. How could this be happening?
↧