For a user to view a Report that sources data from an entity-backed record, what security is needed?

To allow a user to view a Report that sources data from an entity-backed record, it is essential for that user to have appropriate permissions related to both the Report itself and the underlying Data Store where the data is sourced from.

Having Viewer rights to the Report ensures that the user can view the content of the report. Without these rights, they would not have access to see any information presented in that report. Additionally, providing Viewer rights to the Data Store is crucial because the Data Store manages the actual data retrieved for the report. This means that even if the user can access the Report, they also need the rights to access the data that feeds into it; otherwise, they may run into issues where the Report is technically accessible, but the data is not visible to them due to insufficient permissions on the Data Store.

This combination of permissions establishes a secure way of managing data access while still allowing necessary visibility into the Report and its related data, ensuring that only authorized users can view sensitive information. Other options provide either insufficient access to the Report, just the Data Store, or unchecked access rights that may lead to security risks, making them inadequate choices for this requirement.