Insufficient Permissions to Deploy Report

  • Hello -

    I have several reporting solutions connected to several different databases.  I have been creating reports and testing using a single machine.

    Last week, I finally rolled out a report for some internal people to view.  No body could view the report without entering their username (including domain) and password - that didn't fly.

    I found a thread that said to give the iusr_computername account anonymous access in IIS - reportserver and reports websites.  Wow!  this worked like a charm - all reports are now visable to everyone without having to type in their password.

    Today, I tried to deploy another report.

    I get the following error:

    "c:\documents and settings\username\my documents\pbfamily-newweb\pbfamilyreports\rBirthdaysByMonth3.rdl The permissions granted to user 'computername\IUSR_computername' are insufficient for performing this operation."

    I get the same error from any solution.

    I know it's a permission issue, but I'm not sure what to change.

    The iuser account was a guest.  I tried making it a power user and then an admin, just to see if that would solve the problem and it didn't.  I gave the iusr account modify rights to the c:\documents and settings\username\my documents folder and that didn't help.

    I'm afraid the error is that I selected the "let IIS control this password" checkbox in IIS and I don't know how to revert this decision.

    Any suggestions would be great!

    Thanks, Megan

    1. You should not be using anonymous access to the reports as that will allow everyone to view EVERY report.  I do not know of any where where there is not some sensitive data being reported. 
    2. You should be using Integrated Windows authentication on the Web Server
    3. You can then manage report security using Integrated Security using the Report Manager installed with Reporting Services.  See BOL for how to do this.  

    Report Manager is accessed by going to, if you used the defaults on the install, http://Server/Reports.  At the top level on the properties tab you can set security.  By default BuiltIn\Adminstrators is the only group set up.  You can add Windows Groups or Individuals at each level from home all the way down to individual reports.

    I hope this was helpful

  • Thanks for the reply.

    I tried setting up role-based security before I implemented anonymous access, but it doesn't seem to work.  Using report manager, I gave the security group (I previously set up in active directory) "Browser" access to the reports I wanted them to have access to.

    When they browse to the report manager, they have the option to click on the report, but after the report is clicked on, they get the following error:

    "An error has occurred during report processing. (rsProcessingAborted) Get Online Help

    Cannot create a connection to data source 'SDB'. (rsErrorOpeningConnection) Get Online Help Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. "

    I am logged on as the user in question and integrated security is implemented.

    What am I missing?

    Thanks in advance,

    Megan

  • That could be 2 issues:

    1. The users need rights to the data source and do not have it.
    2. You are using Integrated Security for the database connection and the user does not have rights.
  • The users definitely have access to the database.

    This is how I am granting access via the report manager:

    Go to report manager

    Click on a folder

    Click on Properties

    Click on Security

    Click Add New Assignment

    In the group or user name, I enter the domain\group - eg: pbtf\pbfamily access

    I select the role - "Browser" and Apply

    I have restarted the reporting server and IIS.

    I still get the error above.

    The only way I have gotten around this is to add the reportservercomputername\iusr_reportservercomputername account in as the anonymous access account into the reports and reportserver websites in IIS, but then I am unable to deploy new reports.

    catch-22.  Obviously, I have something messed up...

    Thanks for your help.

  • mvee,

    Did you ever come up with a solution.  I'm having exactly the same problem.  The only way I can deploy reports is to turn off anonymous access, deploy the report, then turn anonymous access again. If I don't turn anonymous access on, nobody can get to my reports.

     

    Thanks,

    Frank

  • Frank -

    Honestly, I gave up for a while because nothing was making sense to me - and when I came back to it, everything started working as it should.  I'm not sure if it was a Microsoft Auto-update, patch, upgrade, reboot, or what, but this is how I have things set and everything is a-ok.

    IIS permissions:

    Both Report and ReportServer websites are set to Integrated Windows Authentication.  Anonymous access is NOT checked.

    Report Server permissions:

    http://servername/reports - properties - security

    added [domain]\[ad group with access to database] as browsers for each group of reports

    http://servername/reports/reportfolder - properties - security

    added [domain]\[ad group with access to database] as browsers (for that group of reports)

    Also - site settings - site-wide security

    I added [domain]\domain users so everybody can at least see the folders to reports.  I don't know if this is necessary or not, but it works.  And if a user isn't in one of AD groups with access to the report groups, they can't run the reports.

    ReportServer Service permissions:

    ReportServer Service is set to logon using the system account

    Sorry if this was even more confusing.  Good luck.

    -Megan

  • Hi all,

    i have also encountered some problems with deploying the reports. Ok here goes the scenario:

    1. Created a local computer account in SQL server called "rptuser"  with user right.  

    Have also granted anonymous/default access for this account in IIS virtual directory /reports & /reportserver
     
    2. Then grants the browser role to rptuser in report manager

    3. Problem : Public web users able to view the report without the login challenge pop up window.

    However, an error was encounter when publishing the report through Visual
    Studio .Net 2003. The error message is : "Insufficient rights to perform this operation".
     
    Is there any solution where the public user will not see the login challenge pop up window and the administrator can publish the reports through Visual Studio.Net 2003?
     
    Any help will be appreciated . Thanks !
  • I'm not sure how to fix the problem.

    You can try disabling anonymous access in IIS and adding the domain users or a active directory security group to the report folder on the server.

    ?

    Good luck!

  • Not sure if it will help but I think the guys at ssw had some instructions/ideas for setting up a public and private (admin) sites for managing the RS server.  I can't seem to hit their site tonight but from google the address could be:

    http://www.ssw.com.au/ssw/Standards/Rules/RulesToBetterSQLReportingServices.aspx

    Steve.

  • Hi Steve,

    Thanks for the link. Have tried it out... it works. Thanks !

  • Hi,

    I ur solution, i read this

    ------------------------------------

    Report Server permissions:

    http://servername/reports - properties - security

    added [domain]\[ad group with access to database] as browsers for each group of reports

    http://servername/reports/reportfolder - properties - security

    added [domain]\[ad group with access to database] as browsers (for that group of reports)

    Also - site settings - site-wide security

    I added [domain]\domain users so everybody can at least see the folders to reports. I don't know if this is necessary or not, but it works. And if a user isn't in one of AD groups with access to the report groups, they can't run the reports.

    ReportServer Service permissions:

    ReportServer Service is set to logon using the system account

    ----------------------------

    I am using Windows XP sp2, SQL server express 2005, Visual Studio 2005.

    Can u help me with this solution step by step?

    Like

    how to do this?

    Report Server permissions:

    http://servername/reports - properties - security

    i am fighting with this since 10 days.

    Please help

  • U r a life saver.

    This solution worked fantastic. i was about to give up the whole 10 days r&d work on reporting services.

    Thanks a lot

Viewing 13 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic. Login to reply