# Access Control for Report

## Resource Roles for Reports

Reports are read-only documents, so there is only a view permission. Also, executing SQL and retrieving the results of the execution are determined by the report's permission, not the connection's permission.

| Role name     | Summary                                                                                   |
| ------------- | ----------------------------------------------------------------------------------------- |
| Report Viewer | Can view the report and refresh the query results if the report allows refresh execution. |

## Report Operations and Access Control Rules

| Operations                                | Required Roles |
| ----------------------------------------- | -------------- |
| <p>View report contents</p><p>Comment</p> | Report Viewer  |

Operations related to publishing a report are influenced by the access scope of the original notebook from which the report is created.

<table data-full-width="true"><thead><tr><th>Operations</th><th>scope: Workspace</th><th>scope: Teamspace</th><th>scope: Private</th><th>scope: Shared</th></tr></thead><tbody><tr><td><p>Publish reports</p><p>Change permissions of reports</p></td><td>"Workspace Editor"<br>AND "Connection User" *</td><td>"Teamspace Editor"<br>AND "Connection User" *</td><td>"Workspace Editor"<br>AND "Connection User" *</td><td>N/A</td></tr><tr><td>Delete reports.</td><td>Workspace Editor</td><td>Teamspace Editor</td><td>Workspace Editor</td><td>N/A</td></tr><tr><td>Edit report settings.</td><td>Workspace Editor</td><td>Teamspace Editor</td><td>Workspace Editor</td><td>N/A</td></tr></tbody></table>

\*: The `Connection User` role is required for all connections within the publishing pages of the report.