I'm currently working through an upgrade of TFS2010 to TFS2012. In our old configuration, TFS, Sharepoint, and Reporting Services were on the same server, with the rest of the DBs on a separate SQL server. During the upgrade, we put Reporting Services on the SQL Server and put Sharepoint on it's own server. We also created an additional TFSReports service account.
What permissions are required on the Reporting Services side? Since this migration occurred, the existing permissions were carried over. The admins (Granted System Administrator and Content Managers) are no longer in the BUILTIN\Administrators group, so we'll have to go in and manually add those permissions to each of the folders in TfsReports.
My question is, which of the TFS Service Accounts need access to each of the Team Project folders inside of the collection? Does TFSService (which is what the app server runs as) need Team Foundation Content Manager for creation of content in the folders? And TFSReports just need Browser role? I noticed NT AUTHORITY\Authenticated Users is currently a Browser and don't know if that is supposed to be there or just remnants of a previous misconfiguration.
Any thoughts are appreciated.
Thanks!
Best Answer
In the MSDN topic below, there is a table that lists all of the permissions required by the service account and report reader role. You shouldn't have to assign the service account permissions to any of the projects.
http://msdn.microsoft.com/en-us/library/ms253149.aspx
The report reader needs some basic rights (allow log on locally). Once you get that in place, you can set the rest by using the TFS admin console. Go to the application tier node, scroll to the bottom, and do change account/update password. TFS will add any requried SQL permissions.
http://msdn.microsoft.com/en-us/library/vstudio/bb552344.aspx
I don't have authenticated users in mine, but I have everything on a single machine. Network Service is in mine.