I was recently asked by a customer how they can provide different groups or departments read-only access to their Lync Monitoring Reports Infrastructure. They didn’t want them to have access to their Lync Servers just the reports. If you remember when going through setup of “Deploy Monitoring Reports” we could have specified a Read-Only group. The problem is that most people look right past this and only give RO access to RTCUniversalReadOnlyAdmins which the setup suggests (see below).

The problem is there isn’t a lot of documentation on how to change this after you complete the setup if you only used the default group or left this blank. Below we will go through the process of removing or adding additional groups. In our example we will use fabrikam\user31 who is only a member of domain users and doesn’t have any permissions to our Lync Infrastructure. Just to confirm this is the message we receive from that user before making any changes.

Although you can give users individual access to these reports it would be more optimal to create an AD Universal Security group. In our example I have created a USG named “Lync Reports (Read-Only) and added our user “fabrikam\User31” to this group.

In order to grant these permissions you have to access the report server with the following URL http://reportservername/reports. You must do this with an account that is a member of the report servers local administrators group. Once you get to this page click on “Folder Settings” and then “New Role Assignment”. In group or username put the group name (format domain\groupname), select Monitoring Reports Browser, and click OK.

Now that we have access to the root of the report server we need access to the “Lync Server Reports”. To accomplish this open http://reportservername/reports again and this time click on “Lync Server Reports”. Now click on “Folder Settings” again, click Security on left hand side, and select “New Role Assignment”. Now let’s add the same group as above with the same permissions and click OK.

Now let’s test. With our user “User31”, access the reports and verify we have access. Success!!! If you have more than the default LyncServerReports (Doug Deitterick Archiving Report) you would add permissions to each of these folders.