The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)
Hi,
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer to everyone and allow all access
- added my own username as a new role assigment in the report manager page
- added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
Based on the error message, it’s a security issue. If you want the access check against the logon user on the client machine, then this is an impersonation problem.
You are using Windows Authentication and disable the anonymous visiting, right? And what you are doing is to use a domain user to visit the reporting service, please check the following points:
1. Make sure that the web service username you set in reporting service configuration tool has been added into the corresponding ReportingService groups.
2. Please make sure that you have enable the impersonate in your config file.
My web service user name is curently: NT AUTHORITY\SYSTEM, this is already added to the group SQLServer2005ReportingServicesWebServiceUser$machinename$SQLEXPRESS, as is machinename\aspnet
The config elements mentioned are already in the web.config file located at C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager
The account what you are using is NT AUTHORITY\SYSTEM, which is a local account that has high-level rights on the local system but limited rights within the domain. If you are using Windows XP, try to make ASPNET account to be yuor webservice identity account.
I looked at this and have found similar threads elsewhere which state that u cannot change the account type from NT AUTHORITY\SYSTEM as this is greyed out and if you attempt to change this in the configuration file in the hope that this will change the
setting it gives an error (cross not a tick) against the web service account in reportiong services config tool.
I read from other sources that this is due to the version of iis, i.e. older versions automtically make the web service account machinename\aspnet whereas newer versions make this NT AUTHORITY\SYSTEM.
chambersshhh
0 Points
3 Posts
The permissions granted to user 'domain\username' are insufficient for performing this operation....
Jan 21, 2008 10:38 AM|LINK
The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)
Hi,
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)"
when going to for example:
"http://servername/ReportServer/Pages/ReportViewer.aspx?%2fReport1&rs:Command=Render"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer to everyone and allow all access
- added my own username as a new role assigment in the report manager page
- added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Many Thanks in advance
Nai-Dong Jin...
All-Star
41630 Points
3558 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Jan 23, 2008 02:38 AM|LINK
Hi,
Based on the error message, it’s a security issue. If you want the access check against the logon user on the client machine, then this is an impersonation problem.
You are using Windows Authentication and disable the anonymous visiting, right? And what you are doing is to use a domain user to visit the reporting service, please check the following points:
1. Make sure that the web service username you set in reporting service configuration tool has been added into the corresponding ReportingService groups.
2. Please make sure that you have enable the impersonate in your config file.
<authentication mode="Windows"/>
<identity impersonate="true" />
Thanks.
chambersshhh
0 Points
3 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Jan 23, 2008 01:36 PM|LINK
Hya,
Regarding your suggestions:
Can I supply any other info?
Many Thanks
Simon
Nai-Dong Jin...
All-Star
41630 Points
3558 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Jan 24, 2008 01:28 AM|LINK
Hi,
The account what you are using is NT AUTHORITY\SYSTEM, which is a local account that has high-level rights on the local system but limited rights within the domain. If you are using Windows XP, try to make ASPNET account to be yuor webservice identity account.
Thanks.
chambersshhh
0 Points
3 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Jan 31, 2008 10:52 AM|LINK
hi
soz for late reply had probs acessing net.
In regard to your suggestion:
I looked at this and have found similar threads elsewhere which state that u cannot change the account type from NT AUTHORITY\SYSTEM as this is greyed out and if you attempt to change this in the configuration file in the hope that this will change the setting it gives an error (cross not a tick) against the web service account in reportiong services config tool.
I read from other sources that this is due to the version of iis, i.e. older versions automtically make the web service account machinename\aspnet whereas newer versions make this NT AUTHORITY\SYSTEM.
Thanks
Simon
sachith_chan...
Member
6 Points
4 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Oct 08, 2009 03:24 PM|LINK
Hi,
Go to the reporting services server.
Normally, http://servername/Reports
Then select the particular report or the entire folder which contains the reports.
Select the properties tab on top and then the security tab in left.
Then click New Role Assignment.
In the text box provided type the username which you got in the error message:
"The permissions granted to user 'TO\username$' are insufficient for performing this operation. (rsAccessDenied)"
Then tick the Browser check box.
Click OK.
That's it.
Thank you.
Web/Database Developer
B.Sc(MIT), MBCS, MCTS
samnz
Member
2 Points
10 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Oct 27, 2009 01:25 PM|LINK
I went through this issue & had a chance to read all the messages! All are informative!
Just to add my tip -:
1) Go to Report server
(http://server/reports/pages/folder.aspx)
2) select your project folder
3) select properties tab, then click on Security option
(This is project level, if you want to give some specific report , open that report in rptserver
repeat from 3)
4) select new role assignment
add new domain users as Browser role
i.e, domain\Domain Users
abuswell
Member
4 Points
8 Posts
Re: The permissions granted to user 'domain\username' are insufficient for performing this operat...
Jun 25, 2010 04:52 PM|LINK
Hello Sachith,
I tried this before and received another error message -
The user or group name ''NET\MIDHOUHQAPV22$' is not recognized. (rsUnknownUserName)
I'm trying to run the report from an ASP.NET application and I'm using a report viewer on the calling page.
Thanks in advance for any oinsight to this problem.
Regards, Albert Buswell