New Reports Reader Role in Office 365
One of the many announcements from Ignite last month was the new ‘Reports reader’ role in Office 365, enabling greater visibility into the reporting available in the Admin Center.
The Reports reader role can be assigned to any Office 365 user across the entire organization, and no additional privileges are required. Users with this role can access all the reports, including the data available in the Power BI Adoption Content Pack. It is a read-only role, the user has no ability to filter or customise the reports, which works to protect the information, although it does limit the capabilities available to some extent.
Prior to this addition, access to built-in reporting has been an ongoing challenge for many organizations, especially larger ones. Before the introduction of this role, Office 365 Admins were the only people who could access these reports, and even then, there were different role-based restrictions (Skype Admins could only see Skype reports, SharePoint Admins were only able to see SharePoint reports, and so on). This framework was effective in controlling access to this information, but could be frustrating, as it meant that other users across the business had to rely on an Admin when they needed details from the reports.
How to assign a ‘Reports reader role’
To make your user (Diego, the HR Manager who wants licence reports) a ‘Reports reader’:
1. In the Admin Center, click ‘Users’ and then ‘Active users’ in the expanded menu.
2. Select the user(s) you would like to assign the role to.
3. In the expanded view on the left-hand side of the screen, find the ‘Roles’ section, and click ‘Edit’
4. Select ‘Customized administrator’ and from the options below, choose ‘Reports reader’ and click ‘Save’.
5. Once you click ‘Save’, you’ll see the following confirmation.
And that’s it! Diego should be able to see the reports he needs (if your user is logged in when you make the change, they may need to log out and sign in again, before the change takes place).
The new Reports reader role is a great start. It makes the built-in reports more accessible, without compromising your tenant by assigning privileges or permissions unnecessarily. That said, the feature’s capabilities are relatively limited, which could mean that certain users may not be able to take advantage of this feature:
All or nothing.
The role enables the user to see all Office 365 reports for the tenant, but the key point of this role is to assign it to users outside of IT Administration – these are people who don’t need to see everything, and crucially – they shouldn’t be able to. Currently, there is no option to assign access to a subset of reports, or create a specific ‘role’, like a ‘Finance’ Reports reader role, who can access a segment of reports for the information they need (like licensing for IT chargebacks, or cost management).
This ‘all or nothing’ structure means that many organizations (particularly those in Europe) may not be able to take advantage of this feature due to data protection policies, as the role could access information that they should not be able to see.
While the Reports reader role is a welcome addition, and a move towards creating better visibility of reporting in Office 365, it doesn’t fulfil the requirements for more controlled RBAC (Role Based Access Control) that many organizations need just yet. It will be interesting to see how this role evolves, and whether further access controls are added.
If you need enhanced RBAC capabilities for your Office 365 reports, many third-party tools/ISVs offer this, including Radar Reporting (formerly Cogmotive Reports). You can find out more here.