Microsoft – SQL Server – Reporting Services – Error – User does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.

Error Message

Textual:

Reporting Services Error
The permissions granted to user 'LABDomain\daniel' are insufficient for performing 
this operation. (rsAccessDenied) Get Online Help
SQL Server Reporting Services

Image:DoesNotHaveRequiredPermissions

Solution

Use Internet Explorer, to add Windows Users to Reporting Services \ Site Settings

As Microsoft SQL Services Reporting Services is predicated on Active Directory \ OS User Accounts, let us add those accounts.

The one browser that works reliably is Microsoft’s IE:

Launch IE, as Administrator

LaunchIEAsAdministrator

Access Reporting Services Default Page

In IE, enter your Report Manager URL
BTW, the Report Manager’s URL is available from “Reporting Services Configuration Manager”; specifically the “Report Manager URL” page.

Syntax:
http://[reportManagerURL]/Pages/Folder.aspx

Example:
http://DEVWindows/Reports_MSSQL2012/Pages/Folder.aspx

Reporting Services – Security Page

Access Reporting Services security page via:

  • From the top menu, access “Site Settings”
  • In the “Site Settings” page, access the “Security” tab

Site Settings \ Security Tab

Click on New Role Assignment.  Doing so will launch the “New System Role Assignment” window.

New System Role Assignment

Steps

  • In the “Group or user name” entry field, Enter “Group or user name”
  • In our case, we added both our domain username (LABDOMAIN\da) and the generic Windows User group (BUILTIN\Users)
  • In the Roles group box, please choose “System Administrator” and “System User
  • Press OK to confirm your changes 

NewSystemRoleAssignment

Site Settings \ Security Tab (Post Changes)

 Once you have added the users & groups, this is what the Security Screen looks like.

SiteSettings__Security__After

Add Basic Authentication to Report Server

Traditionally, Microsoft Reporting Services supports the following Authentication types:

  • RSWindowsNegotiate
  • RSWindowsKerberos
  • RSWindowsNTLM
  • RSWindowsBasic

But, RSWindowsBasic is deprecated and no longer supported.

In cases where a browser does not support Kerberos or NTLM, you need to enable RSWindowsBasic.

Please keep in mind that when RSWindowsBasic is used, passwords are sent in clear-text and so you want to consider HTTPS as compared to HTTP; this ensures that your username and passwords are encrypted while in passage.

Microsoft’s provides detailed instructions @

Configure Basic Authentication on the Report Server
http://msdn.microsoft.com/en-us/library/cc281309.aspx

To support RSWindowsBasic, please do the following:

  • Identify when RSReportServer.config is located for your install
  • Edit file using your editor; mine has been for many years now notepad++

Original:

ReportServer.Config__Original

Revised:

ReportServer.Config

The aforementioned web doc fully covers all the details of RSWindowsBasic along with the sub-tags.

If there are errors, they are logged in Instance specific Reporting Services Log folder and files; in our case that they are located in:

C:\Program Files\Microsoft SQL Server\MSRS11.MSSQL2012\Reporting Services\LogFiles

User Access Control Disabling for Specific Applications / WhiteList

Went down the path of trying to disable UAC for specific applications, but determined that the best documentation which does so via “Application Compatibility Toolkit” did not work for us.

We did not have to fully test the path, as we were able to test mid-way via the very good documentation.

Chrome / Windows Account Delegation

Also, tried out Google’s Chrome Kerberos account delegation. The relevant links are listed below.

Chrome / DevTools

Used Chrome Dev Tools to look deeper into the error message.

The tool is documented here:

Chrome Dev Tools
https://developers.google.com/chrome-developer-tools/

With the aid of the tool was able to capture the actual HTTP Error returned by the Reporting Services HTTP Endpoint:

ChromeDeveloper

From the Screen Shot above we can see that we are getting back HTTP/500.

Microsoft SQL Server – Track Down Help for Reporting Services (RS) – HTTP/500

Goggled for “Reporting Services” and HTTP 500 and found a very good Q/A at where else? StackOverflow.com

Reporting services URL HTTP 500 error
http://stackoverflow.com/questions/15501401/reporting-services-url-http-500-error

The wise one nvku says to turn on verbose/diagnostics on Reporting Services (RS).

Microsoft SQL Server – Reporting Services – Enable Diagnostic Level Logging

Found out the location of my ReportingServicesService.exe.config and changed it contents.

Nice instruction is available @

Report Server Service Trace Log
http://msdn.microsoft.com/en-us/library/ms156500(v=sql.110).aspx

Before Changes:

RSConfig_Before

After Changes:

RSConfig_After

The change was to change:

<add name="Components" value="all:3" />

to

<add name="Components" value="all:4" />

Depending on the version of Microsoft SQL Server reporting Services you ‘re running, the change you have to make will be a bit different; but true to XML verbosity and conciseness you are unlikely to have much problems.

Once change is effected, please restart you Reporting Services.  I prefer to do using the services applet; especially for services that are called different names based on SQL Instance and version:

Services

Microsoft SQL Server – Reporting Services – Reviewed Log File

With debug turned on, we have good and use-able data in our log files:

\Microsoft SQL Server\<SQL Server Instance>\Reporting Services\LogFiles




rshost!rshost!f2c!01/10/2014-17:57:07:: v VERBOSE: AcceptCallback(): accepted new 
connection pipeline=0x00000001781A4D80...
rshost!rshost!f0c!01/10/2014-17:57:07:: v VERBOSE: ThreadContinuePipeline: processing request on pipeline=0x00000001781A4D80, state=0, IOError=0, node=0.
rshost!rshost!f0c!01/10/2014-17:57:07:: v VERBOSE: Processing request pipeline=0x00000001781A4D80, callback=0x79b6a2e0, callback->pipeline=0x00000001781A4D80, id=18302628896371114021, connid=18302628895834243106 ...
runningrequests!ReportServer_0-1!f0c!01/10/2014-17:57:07:: v VERBOSE: User map'LABDOM\daniel http://SQLRS:8005/ReportServer_MSSQL20121'
library!ReportServer_0-1!f0c!01/10/2014-17:57:07:: i INFO: Call to GetItemTypeAction(/).
library!ReportServer_0-1!f0c!01/10/2014-17:57:07:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'LABDOM\daniel' are insufficient for performing this operation.;
rshost!rshost!f0c!01/10/2014-17:57:07:: v VERBOSE: HttpPipelineCallback::EndOfRequest(): continue pipeline=0x00000001781A4D80.
rshost!rshost!f2c!01/10/2014-17:57:07:: v VERBOSE: ThreadContinuePipeline: processing request on pipeline=0x00000001781A4D80, state=2, IOError=0, node=0.

Microsoft SQL Server – Reporting Services – Log File Contains GetItemTypeAction!

Log File contains “googlable” data:

"INFO: Call to GetItemTypeAction(/)"

Googled for it, and found help via posting:

The permissions granted to user ” are insufficient for performing this operation. (rsAccessDenied)

http://social.technet.microsoft.com/Forums/office/en-US/a2b49eb3-58d2-4e57-8b15-8bb565609176/the-permissions-granted-to-user-are-insufficient-for-performing-this-operation-rsaccessdenied?forum=sqlreportingservices

Sorin Andruseac answered his own question.  And, his answer is that I should:

  • Launch Microsoft IE has an Administrator (pass/bypass UAC)
  • Access the Reporting Services Reports Home page; please make sure this is Report’s Home Page and not the Reporting Services home page
  • Click on the “Folder Setting” icon
  • In the security tab, access “New Role Assignment”
  • In the “New Role Assignment” window, add the users and give them permissions – We chose to go with BUILTIN\USERS and granted them all permissions

Reporting Service – Reports Home Page

SQLServerReportingServices - Reports

Reporting Service – Reports Home Page – Security Tab

SQLServerReportingServices - Reports - Security

Reporting Service – Reports Home Page – New Role Assignment

SQLServerReportingServices - Reports - NewRoleAssignment


Microsoft SQL Server – Reporting Services

Retried via Google Chrome and we are good! I think quite a bit of my misfortune was my fault.  I should be a bit more specific as to whether I am trying to access “Report Server Web Services URL” or “Reports Manager”. They are two different functions and expose different URLs. I will come back and clean up this post!

Microsoft SQL Server – Reporting Services – Workarounds

This error is well covered and there was a connect item opened:


User does not have required permissions. Verify that sufficient permissions have beengranted and Windows User Account Control (UAC) restrictions have been addressed. by Nenea Nelu

http://connect.microsoft.com/SQLServer/feedback/details/622737/

Microsoft closed the Connect Item; and cited “As By Design” as closure reason.

 

Listening To

We are 9 months from the 4th quarter.  But, I already feel like it is September:


Johnny & Rosanne Cash – September When It Comes
http://www.youtube.com/watch?v=ORA4w0ZGKeI

References

References – Reporting Services – Configuration – Security – Windows Authentication

References – Reporting Services – Basic Authentication

References – Windows – Security – Groups

References – Windows – User Access Control (UAC)

References – Windows – Kerberos Delegation for Google Chrome

References – Google Chrome – HTTP Authentication

References – Microsoft IE – HTTP Authentication

References – Chrome Developer Tools

HTTP / 500 Error & Resolution

One thought on “Microsoft – SQL Server – Reporting Services – Error – User does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.

  1. There is a promlem with this windows installer package .A programe run as part of the setup did not finish as expected. please solve this

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s