There are a variety of security permission keys that give a large degree of control over access to reports.  There are two principal groups of permission keys, providing overall control, and then control over individual report types.

Permission Keys – Overall Control

Permission Key Purpose
SR_ALLOW_ADVANCED_QUERIES When this setting is YES, the user role can create, edit, save, delete and execute reports composed with the Advanced Query option. When this is set to NO, reports composed with Advanced Query may only be run, and only if the user role has permission to the appropriate SR_PUBLIC_REPORT, SR_PERSONAL_REPORT and SR_USERROLE permission keys
SR_ALLOW_EXPANDED_QUERIES When the user role has read access to this key, the users can switch between condensed and expanded queries. When this key is set to no access, the users will only be able to create queries with the condensed mode and will not be able to switch into the expanded mode
SR_ALLOW_REPORTS_ACCESS This is a master switch for access to the ability for a user role to either create new reports, or to run existing reports.  Unless a user role has Read Access to this key, they are not permitted to undertake any reporting activity from the Reports screen
SR_ALLOW_HIERARCHY_REPORTS Write permission to this key allows the user the ability to create reports that use hierarchical filters
SR_DASHBOARD_ON_HOME_PAGE This permission key is controlled by user custom code. When this is set for Read permission for a role, then a dashboard report inserted by user custom code will appear on the Home page of the user
SR_FILTER_BUTTON Grant access to the filter button used to change report filters.
SR_KB_ON_HOME_PAGE Read permission to this key will allow the user role to view and use the knowledgebase search box on the Home Page
SR_MENUBAR_REPORTS If the user has permission to this security key, then they will see and be able to run any report from the menubar at the top of the screen
SR_RELATIONSHIP_GROUP This key controls access to allow the user to group issues on column and Quicklist reports with the Group Issues button. Write access is needed to control this.
SR_REPORT_GROUP Write permission to this key allows the user role to share reports
SR_REPORT_REPOSITORY_ACCESS The user role requires write access to write to the repository from the report scheduler.  Read access is required to be able to view reports stored within the repository.  Write access also provides the ability to view and use the Manage Repository Folders feature. 
SR_REPORT_SCHEDULE Write permission to this key allows the user role to use the report scheduler
SR_SET_HOME_PAGE_REPORTS Read access to this key allows the user to select and set their Home Page reports

Permission Keys – Individual Report Control

Reports fall into two major categories, Shared reports and Personal reports.

Shared reports appear on the Query screen underneath the section entitled Shared reports while Personal reports appear in the My Reports section. There is a sub-division of Shared reports whereby reports can be shared across one or more user roles.

For each type of report, there are three separate security permission keys. In total, this allows each report type to have its security permissions set for each role. The keys are:

Personal Key Shared Key User Role Key
SR_PERSONAL_AGING SR_PUBLIC_AGING SR_USERROLE_AGING
SR_PERSONAL_CALENDAR SR_PUBLIC_CALENDAR SR_USERROLE_CALENDAR
SR_PERSONAL_CHART SR_PUBLIC_CHART SR_USERROLE_CHART
SR_PERSONAL_COLUMN_REPORT SR_PUBLIC_COLUMN_REPORT SR_USERROLE_COLUMN_REPORT
SR_PERSONAL_CONTAINER SR_PUBLIC_CONTAINER SR_USERROLE_CONTAINER
SR_PERSONAL_DASHBOARD_REPORT SR_PUBLIC_DASHBOARD_REPORT SR_USERROLE_DASHBOARD_REPORT
SR_PERSONAL_GEOSPATIAL SR_PUBLIC_GEOSPATIAL SR_USERROLE_GEOSPATIAL
SR_PERSONAL_LINKED_REPORT SR_PUBLIC_LINKED_REPORT SR_USERROLE_LINKED_REPORT
SR_PERSONAL_MATRIX SR_PUBLIC_MATRIX SR_USERROLE_MATRIX
SR_PERSONAL_PAGE_LAYOUT SR_PUBLIC_PAGE_LAYOUT SR_USERROLE_PAGE_LAYOUT
SR_PERSONAL_PLANNING SR_PUBLIC_PLANNING SR_USERROLE_PLANNING
SR_PERSONAL_SUMMARY_REPORT SR_PUBLIC_SUMMARY_REPORT SR_USERROLE_SUMMARY_REPORT
SR_PERSONAL_TASKBOARD SR_PUBLIC_TASKBOARD SR_USERROLE_TASKBOARD
SR_PERSONAL_TREEGRID SR_PUBLIC_TREEGRID SR_USERROLE-TREEGRID

If a user role has read permission, then the reports are visible on the query list, and the user role may run the report. If a user role has write permission, then the user role may save or overwrite reports of the type.

Saving Reports

The section of the window Visibility of Report is present if you can save the report for different roles, i.e. you have permission to the SR_USERROLE_xxx permission key. You can save the report for all user roles or you can select multiple roles from the list, and only these roles will have the abilirt to access the report.

Within the Existing Folders section, you can select the My Reports section to save the report for your personal use. This requires permission to the SR_PERSONAL_xxx permission key. If you want to save the report within an existing personal folder, select that folder.

Within the Existing Folders section, you can select the Shared Reports section to save the report for shared use or for use across one or more user roles. This requires permission to the SR_PUBLIC_xxx or SR_USERROLE_xxx permission key. If you want to save the report within an existing shared folder, select that folder.

To create a new subfolder within the My Reports section, select My Reports and then enter the name of the new folder in the bottom field. To create a new subfolder within the Shared Reports section, select Shared Reports and then enter the name of the new folder in the bottom field.