Admins can now control who sees which report in the Reports Catalog. Each report supports a per-report allowlist of users, roles, or both. When no allowlist is configured, the report stays visible to everyone with reports access (today’s behaviour).

This is useful when you want to give a specific team access to a narrow set of reports without exposing the rest of the catalog. The visibility filter is applied both when listing reports and when running them, so a crafted request cannot run a report a user is not entitled to see. Visibility changes are captured in the audit trail.