question

RobertRichards-5986 avatar image
0 Votes"
RobertRichards-5986 asked Joyzhao-MSFT edited

Permission to run report in Reporting Services

I am a BUILTIN\Administrator and can perform everything I need to in Reporting Services.

I have developed a report for use by several users in the following folder structure on Reporting Services: http://MyServer/Reports/browse/Reports/XYZReports.
The users are in a network user group called XYZUsers.
They have read/write and execute permissions on the necessary objects on SQL Server.
In Reporting Services I have gone into the Security on the XYZReports folder and added the XYZUsers group with a role of Browser.

When the user(s) attempt to executed the report they get the following error:
• An error has occurred during report processing. (rsProcessingAborted)
o The permissions granted to user 'domain\user' are insufficient for performing this operation. (rsAccessDenied)

Is Browser the appropriate role to execute a report?
Does the user group need to be added elsewhere, or just on the folder (XYZReports) containing the report?

sql-server-reporting-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Joyzhao-MSFT avatar image
1 Vote"
Joyzhao-MSFT answered Joyzhao-MSFT edited

Hi @RobertRichards-5986
Whether the report contains a shared data set, grant the permissions of the data set to the user.

The permissions granted to user 'domain\user' are insufficient for performing this operation. (rsAccessDenied)

User'domain\user' does not have the necessary permissions to configure the permissions of other users.
Next, we follow three steps to assign appropriate permissions:

1. Trusted Site settings in the browser
2. Web portal folder settings
3. Web portal site settings

Trusted Site settings in the browser
1. Open a browser window with Run as administrator permissions. From the Start menu, right-click Internet Explorer, and select Run as administrator.
2. Select Yes when prompted to continue.
3. In the URL address, enter the web portal URL. For instructions, see The web portal of a report server (SSRS Native Mode).
4. Click Tools.
5. Click Internet Options.
6. Click Security.
7. Click Trusted Sites.
8. Click Sites.
9. Add https://<your-server-name>.
10. Clear the check box Require server certification (https:) for all sites in this zone if you are not using HTTPS for the default site.
11. Click Add.
12. Select OK.

Web portal folder settings
1. In the web portal, on the Home page, click Manage folder.
2. In the Manage folder page, click Security and then select Add group or user.
3. In the New Role Assignment page, in the Group or user field, type your Windows user account in this format: <domain>\<user>.
4. Select Content Manager.
5. Select OK.

Web portal site settings
1. Open your browser with administrative privileges and browse to web portal, https://<server name>/reports.
2. Select the gear icon on the top row the Home page and then Site Settings from the dropdown menu.
3. On the Site settings page, Select Security and then select Add group or user.
4. In the Group or user name field, type your Windows user account in this format: <domain>\<user>.
5. Select System Administrator.
6. Select OK.
7. Close web portal.
8. Re-open the web portal in Internet Explorer, without using Run as administrator.

Regards,
Joy

If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
What can I do if my transaction log is full?--- Hot issues November
How to convert Profiler trace into a SQL Server table -- Hot issues November

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RobertRichards-5986 avatar image
0 Votes"
RobertRichards-5986 answered Joyzhao-MSFT edited

I appreciate the answer. I believe I am clear on the Web Portal folder and Web Portal site answers, but I am still not clear on the following:

Are you saying:
1. Grant domain\user permissions to the shared data set.
2. On the domain\user's PC (that is, on the PC of the user who runs the report), add the server as a Trusted Site in their browser?


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
1. If the report uses a shared data set,grant the permissions of the data set to the user.
On a report server, shared dataset items can be used by multiple reports. You can secure shared datasets to control the degree of access that users have. By default, only users who are members of the Administrators built-in group can view shared datasets, modify properties, enable caching, create cache refresh plans, and delete the items. All other users must have role assignments created for them that allow access to a shared dataset.
To set security, create a role assignment that specifies which user or group account has access to the shared dataset
2.

Trusted Site settings in the browser

This scheme is suitable for browsing to the local report server and the user domain\user does not have the necessary permissions

If the answer is helpful, please click "Accept Answer" and upvote it.

1 Vote 1 ·