This has got to be something simple. I recentley migrated reports, Users, Subscriptions etc...from SSRS 2005 to a SSRS 2008 r2. I set up the department folders and added users the same way I did in 2005 to restrict access to various departmental reaports from non department employees (SOX). The problem is EVERYONE has access to the site, folders, reports, subscriptions etc regardless of which folder they are assigned to (or not even added to the security!).
What am I missing?
A certain BI Developer, who shall remain nameless, add the Active Directory group for IT to the Server Admin group. Duh!
Sorry for the false alarm.