Best practices on managing reports in client organizations
Our use case is the following.
We have a common set of reports that are deployed to the parent organization. These reports by default are visible to all client organizations. And, we have a bunch of client organizations, each with their own admins and users. These admins are account admins and will not have access to the parent organization. Instead of each user in every organization getting access to all the reports in the parent org, we want to have a model where the account admins can control which user gets what in each account. We are ok for the admins to see all the reports but not for the users until the admin allows them?
What are the recommended ways of implementing this inside client organizations without the admins meddling with anything in the parent organizations?