Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jun 25, 2010 04:52 PM by abuswell
Jan 21, 2008 10:38 AM|LINK
The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)"
when going to for example:
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer to everyone and allow all access
- added my own username as a new role assigment in the report manager page
- added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Many Thanks in advance
Jan 23, 2008 02:38 AM|LINK
Based on the error message, it’s a security issue. If you want the access check against the logon user on the client machine, then this is an impersonation problem.
You are using Windows Authentication and disable the anonymous visiting, right? And what you are doing is to use a domain user to visit the reporting service, please check the following points:
1. Make sure that the web service username you set in reporting service configuration tool has been added into the corresponding ReportingService groups.
2. Please make sure that you have enable the impersonate in your config file.
<identity impersonate="true" />
Jan 23, 2008 01:36 PM|LINK
Regarding your suggestions:
Can I supply any other info?
Jan 24, 2008 01:28 AM|LINK
The account what you are using is NT AUTHORITY\SYSTEM, which is a local account that has high-level rights on the local system but limited rights within the domain. If you are using Windows XP, try to make ASPNET account to be yuor webservice identity account.
Jan 31, 2008 10:52 AM|LINK
soz for late reply had probs acessing net.
In regard to your suggestion:
I looked at this and have found similar threads elsewhere which state that u cannot change the account type from NT AUTHORITY\SYSTEM as this is greyed out and if you attempt to change this in the configuration file in the hope that this will change the
setting it gives an error (cross not a tick) against the web service account in reportiong services config tool.
I read from other sources that this is due to the version of iis, i.e. older versions automtically make the web service account machinename\aspnet whereas newer versions make this NT AUTHORITY\SYSTEM.
Oct 08, 2009 03:24 PM|LINK
Go to the reporting services server.
Then select the particular report or the entire folder which contains the reports.
Select the properties tab on top and then the security tab in left.
Then click New Role Assignment.
In the text box provided type the username which you got in the error message:
"The permissions granted to user 'TO\username$' are insufficient for performing this operation. (rsAccessDenied)"
Then tick the Browser check box.
Oct 27, 2009 01:25 PM|LINK
I went through this issue & had a chance to read all the messages! All are informative!
Just to add my tip -:
1) Go to Report server
2) select your project folder
3) select properties tab, then click on Security option
(This is project level, if you want to give some specific report , open that report in rptserver
repeat from 3)
4) select new role assignment
add new domain users as Browser role
i.e, domain\Domain Users
Jun 25, 2010 04:52 PM|LINK
I tried this before and received another error message -
The user or group name ''NET\MIDHOUHQAPV22$' is not recognized. (rsUnknownUserName)
I'm trying to run the report from an ASP.NET application and I'm using a report viewer on the calling page.
Thanks in advance for any oinsight to this problem.
Regards, Albert Buswell