As far as I know you cannot do anything in RBAC to prevent a role having access to reporting (it uses the same authentication process as configuration manager), I would suggest you approach this from a network/server access point of view and restrict it at the level if you can depending on how you infrastructure is configured.
Thanks for your reply. I am looking at restricting access to port 443 from the 3rd party management server and also looking at Apache authentication level control.
This is an enhancement request I created last month. Baically sometime in one of the future release there will probably be REPORTING specific roles that we can manage via RBAC.
Anyhow, can you now use the Apache tomcat admin console to control this?
I believe it is available on the reporting server
http://reporting server url/admin