SharePoint 2010: You See an Error Message About Insufficient Permssions When You Run a Report from a SharePoint Library

SharePoint 2010: You See an Error Message About Insufficient Permssions When You Run a Report from a SharePoint Library

Issue and Background

When you try to view an SSRS report from a SharePoint library, you see the following error message:

The permissions granted to user '[DOMAIN NAME]\[USER NAME] are insufficient for performing this operation. (rsAccessDenied)

 If you review the  IIS Log you will see the user requesting the report is registered as [Domain Name]\[User Name] while SharPoint is configured with just the [User Name], and the [Domain Name] is not explicitly included.

 
This mismatch in user identification, causes the failure as the report server does a string comparison between the it received and the one that is registered in Sharepoint. 

 For example, a  customer registers the Service Account for a Web Application without the domian name.  However the actual Application Pool identity in InetMgr was registed with the domain name. Currnetly, the SharePoint object model does not always store the Service Account name in a form that is a character for character match with the actual Application pool identity. Therefore, when the report server is comparing the two tokens, they do not match and the result is the Access Denied exception. being seen by the customer 


Work Around

Update the registration of the service account for the web application to include the domain name as well as the user name. 

SharePoint 2010 products (draft)

    1. Open SharePoint Central Administraion.
    2. In the Security section, click Configure Service Accounts.

MOSS 2007 and WSS 3.0 (draft)

  1.  
    1. Open SharePoint Cenral Administration.
    2. In the Operations section click Service Accounts.
    3. Choose the Web Application Pool as "Windows SharePoint Services Web
      Application
      Choose any of the application pool
      In the Configurable User Name we saw customer has a domain user name where he
      did not specify domain name. Eg: redmond\lakshmij, instead we saw just Lakshmj as
      the username.

Applies to 

  • SQL Server 2008 R2 Reporting Services
  • SQL Server 2008 Reporting Services
  • SQL Server 2005 Reporting Services     
     Integrated with
  • Microsoft Office SharePoint Server (MOSS) 2007
  • Windows SharePoint Services 3.0

 


See Also

 

External Links

Leave a Comment
  • Please add 3 and 2 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • Patris_70 edited Revision 3. Comment: deleted (en-US) title

  • Craig Lussier edited Revision 2. Comment: added en-US to tags and title

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Craig Lussier edited Revision 2. Comment: added en-US to tags and title

  • good post

  • Patris_70 edited Revision 3. Comment: deleted (en-US) title

Page 1 of 1 (3 items)