In my scenario custom report creator should have read only access to SCCM console and he/she should be able to create and modify reports. In CM 12  we already have a build in role to Grants permissions to view all Configuration Manager objects.  I've created a copy of that build-in security role and made few changes.

More Details --> www.anoopcnair.com