In this post we will see the steps to create report viewer role in SCCM 2012 R2. I got a request from a user that they need access to run the SCCM reports to view Software updates compliance. I thought I could use the RBA which provides SCCM 2012 R2 the ability to assign and manage administrative permissions.
SCCM 2012 has built-in security roles and so I recommend to create a new role based on the built-in role that matches the criteria of what you want to achieve (in this case, grant read and run report access to users). One such role is the Read-only Analyst role. In the SCCM console, navigate to Administration > Security > Security Roles. Right click on Read-only Analyst role and click Copy.
Enter the name for the new security role (I named it as Report Viewers) and add a description. Customize the permissions and set it to Read, Run Report. Once you are done, click OK.
Create a Security group (recommended) in AD which will house the users who require access to reports. I created one and named it as Role-SCCM-ReportViewers Back in SCCM, right click on Administrative Users and choose Add User or Group
Browse and add the security group you created earlier and Click Add. Now choose Only the instances of objects that are assigned to the specified security scopes or collections and modify the scope using the Add button if required (to remove all systems and include only specific collections).
Click OK and the group will be added. Users of this security group will now have access to read and run reports.