Last post Oct 26, 2016 12:21 PM by bnarayan
Jan 21, 2008 06:38 AM|chambersshhh|LINK
The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)
I wonder if anyone can help me?
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)"
when going to for example:
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportServer to everyone and allow all access
- added my own username as a new role assigment in the report manager page
- added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Many Thanks in advance
Jan 22, 2008 10:38 PM|Nai-Dong Jin - MSFT|LINK
Based on the error message, it’s a security issue. If you want the access check against the logon user on the client machine, then this is an impersonation problem.
You are using Windows Authentication and disable the anonymous visiting, right? And what you are doing is to use a domain user to visit the reporting service, please check the following points:
1. Make sure that the web service username you set in reporting service configuration tool has been added into the corresponding ReportingService groups.
2. Please make sure that you have enable the impersonate in your config file.
<identity impersonate="true" />
Jan 23, 2008 09:36 AM|chambersshhh|LINK
Regarding your suggestions:
Can I supply any other info?
Jan 23, 2008 09:28 PM|Nai-Dong Jin - MSFT|LINK
The account what you are using is NT AUTHORITY\SYSTEM, which is a local account that has high-level rights on the local system but limited rights within the domain. If you are using Windows XP, try to make ASPNET account to be yuor webservice identity account.
Jan 31, 2008 06:52 AM|chambersshhh|LINK
soz for late reply had probs acessing net.
In regard to your suggestion:
I looked at this and have found similar threads elsewhere which state that u cannot change the account type from NT AUTHORITY\SYSTEM as this is greyed out and if you attempt to change this in the configuration file in the hope that this will change the
setting it gives an error (cross not a tick) against the web service account in reportiong services config tool.
I read from other sources that this is due to the version of iis, i.e. older versions automtically make the web service account machinename\aspnet whereas newer versions make this NT AUTHORITY\SYSTEM.
Oct 08, 2009 11:24 AM|sachith_chandrasiri|LINK
Go to the reporting services server.
Then select the particular report or the entire folder which contains the reports.
Select the properties tab on top and then the security tab in left.
Then click New Role Assignment.
In the text box provided type the username which you got in the error message:
"The permissions granted to user 'TO\username$' are insufficient for performing this operation. (rsAccessDenied)"
Then tick the Browser check box.
Oct 27, 2009 09:25 AM|samnz|LINK
I went through this issue & had a chance to read all the messages! All are informative!
Just to add my tip -:
1) Go to Report server
2) select your project folder
3) select properties tab, then click on Security option
(This is project level, if you want to give some specific report , open that report in rptserver
repeat from 3)
4) select new role assignment
add new domain users as Browser role
i.e, domain\Domain Users
Jun 25, 2010 12:52 PM|abuswell|LINK
I tried this before and received another error message -
The user or group name ''NET\MIDHOUHQAPV22$' is not recognized. (rsUnknownUserName)
I'm trying to run the report from an ASP.NET application and I'm using a report viewer on the calling page.
Thanks in advance for any oinsight to this problem.
Regards, Albert Buswell
Nov 06, 2013 11:09 AM|grondo37|LINK
Thanks very much!
Feb 02, 2015 01:00 PM|apontejr|LINK
Thanks sachith, Exactly what I needed!
Mar 03, 2015 03:58 PM|rkandepu|LINK
Hai did you get this fixed...I have the same problem..
Dec 10, 2015 04:51 PM|rioricorick|LINK
Thanks. This is what worked for me.
Oct 26, 2016 12:21 PM|bnarayan|LINK
I have used following steps and it is working for me.
Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.
In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.
In the "Add a Report Manager HTTP URL" popup box, select Host Header and type in: localhost Click OK to save your changes.
it is working fine for me on Internet Explorer and Google Chrome but not for Mozilla Firefox.
In a case of Firefox asking for username and Password I am providing it but it is not working. I am admin and have full right.
I have done 1 more change set "User Account Control Settings" to never notify.
If you are getting such type of exception while deploying this report from Visual Studio then do the following things:
3.Click on "New Role Assignment" add the then enter the user name and select the Roles .
Please also check that "User Account Control Settings" is set to never notify.