105
votes

I created a report model using SSRS (2005) and published to the local server. But when I tried to run the report for the model I published using report builder I get the following error.

Report execution error:The permissions granted to user are insufficient for performing this operation. (rsAccessDenied)

21
I found this helpful.... msdn.microsoft.com/en-GB/library/bb630430.aspx Windows presumes everyone is a standard user...Trabumpaline

21 Answers

98
votes

It's because of lack of privilege for the user you are running the report builder, just give that user or a group a privilege to run report builder. Please visit this article

Or for shortcut:

  1. Start Internet Explorer using "Run as Administrator"
  2. Open http://localhost/reports
  3. Go to properties tab (SSRS 2008)
  4. Security->New Role Assignment
  5. Add DOMAIN/USERNAME or DOMAIN/USERGROUP
  6. Check Report builder
18
votes

I know it's for a long time ago but you (or any other new comers) can resolve this issue by

  1. Add the [Domain\User] to Administrator, IISUser, SQLReportingUser groups
  2. Delete Encryption Key in SSRS configuration tools
  3. ReRun the Database Change in SSRS configuration tools
  4. Open WebServiceUrl from SSRS configuration tools (http://localhost/reportserver)
  5. creating Reports Folder manually
  6. go to Properties of created folder and add these roles to security (builtin\users , builtin\Administrator, domain\user)
  7. Deploy your reports and your problem resolved
18
votes

Right Click Microsoft BI -> Click Run as Administrator -> either open your existing SSRS report or create your new SSRS report and then deploy your report after that complied you will be received one web URL for to view your report. Copy that URL and paste to web browser(Run as Administrator) and you will get your report view. You could use Internet Explorer, which would be essential for web service

If it is wrong means,Please forgive me since i did like this so that i just written.

13
votes

Make sure you have access configured to the URL http://localhost/reports using the SQL Reporting Services Configuration. To do this:

  1. Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.
  2. In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.
  3. In the Add a Report Manager HTTP URL popup box, select Host Header and type in: localhost
  4. Click OK to save your changes.
  5. Now start/ run Internet Explorer using Run as Administator... (NOTE: If you don't see the 'Site Settings' link in the top left corner while at http://localhost/reports it is probably because you aren't running IE as an Administator or you haven't assigned your computers 'domain\username' to the reporting services roles, see how to do this in the next few steps.)
  6. Then go to: http://localhost/reports (you may have to login with your Computer's username and password)
  7. You should now be directed to the Home page of SQL Server Reporting Services here: http://localhost/Reports/Pages/Folder.aspx
  8. From the Home page, click the Properties tab, then click New Role Assignment
  9. In the Group or user name textbox, add the 'domain\username' which was in the error message (in my case, I added: DOUGDELL3-PC\DOUGDELL3 for the 'domain\username', in your case you can find the domain\username for your computer in the rsAccessDenied error message).
  10. Now check all the checkboxes; Browser, Content Manager, My Reports, Publisher, Report Builder, and then click OK.
  11. You're domain\username should now be assigned to the Roles that will give you access to deploy your reports to the Report Server. If you're using Visual Studio or SQL Server Business Intelligence Development Studio to deploy your reports to your local reports server, you should now be able to.
  12. Hopefully, that helps you solve your Reports Server rsAccessDenied error message...

Just to let you know this tutorial was done on a Windows 7 computer with SQL Server Reporting Services 2008.

Reference Article: http://techasp.blogspot.co.uk/2013/06/how-to-fix-reporting-services.html

6
votes

You can also make sure that the Identity in your Application Pool has the right permissions.

  1. Go to IIS Manager

  2. Click Application pools

  3. Identify the application pool of the site you are deploying reports on

  4. Check that the identity is set to some service account or user account that has admin permissions

  5. You can change the identity by stopping the pool, right clicking it, and selecting Advanced Settings...

Under Process Model is the Identity field

6
votes

I have used following steps and it is working for me.

Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.

In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.

In the Add a Report Manager HTTP URL popup box, select Host Header and type in: localhost Click OK to save your changes.

Then:

  1. copied the report server URL
  2. Run Google chrome/Internet Explorer as administrator
  3. Paste URL in address bar and press enter.

it is working fine for me on Internet Explorer and Google Chrome but not for mozilla Firefox.

In case of Firefox asking for username and Password I am providing it but it is not working. I am admin and have full right.

I have done 1 more change set "User Account Control Settings" to never notify.

If you are getting such type of exception while deploying this report from Visual Studio then do the following things:

  1. Open Google chrome/Internet Explorer with administrator right.
  2. open report server URL in it.

3.Click on "New Role Assignment" add the then enter the user name and select the Roles .enter image description here

  1. click ok.
  2. Now deploy the report from Visual studio it will work and deploy the reports at specified server.
5
votes

under Site setting in Reports manager >Configure system-level role definitions > check ExecuteReport Defination option then Create a System UserGroup, Give the access to that group at Connect to your reporting Services Data base in server properties and add a group and permite the access as System User... It should work

5
votes

I have SQL2008 / Windows 2008 Enterprise and this is what I had to do to correct the rs.accessdenied, 404, 401 and 503 errors:

  • Added NT Users to SQL Report Server Users and IIS_USR Group
  • I changed SQL Reporting Service to Local account (it was Domain with Local Admin)
  • I deleted encryption key in Reporting Services Configuration (last tab on the list)
  • and THEN it worked.
5
votes

Open internet explorer as administrator.

Open the reports url http://machinename/reportservername

then in 'folder settings' give permission to required user-groups.

4
votes

Old but relevant issue. I solved for 2012 by logging in to the reporting server and:

  • browse to http://localhost/reports/
  • Click 'Site Settings' in the top-right (was only available when logging in to the report server)
  • Go to the 'Security' tab and click 'New Role Assignment'
  • Added my DOMAIN\USERNAME as a System Administrator

Can't say that I'm comfortable with this solution, but I needed something that worked and it worked. Hope this helps someone else.

4
votes

After setting up SSRS 2016, I RDP'd into the server (Windows Server 2012 R2), navigated to the reports URL (https://reports.fakeserver.net/Reports/browse/) and created a folder title FakeFolder; everything appeared to be working fine. I then disconnected from the server, browsed to the same URL, logged in as the same user, and encountered the error below.

The permissions granted to user 'fakeserver\mitchs' are insufficient for performing this operation.

Confused, I tried pretty much every solution suggested on this page and still could not create the same behavior both locally and externally when navigating to the URL and authenticating. I then clicked the ellipsis of FakeFolder, clicked Manage, clicked Security (on the left hand side of the screen), and added myself as a user with full permissions. After disconnecting from the server, I browsed to https://reports.fakeserver.net/Reports/browse/FakeFolder, and was able to view the folder's contents without encountering the permissions error. However, when I clicked home I received the permissions error.

For my purposes, this was good enough as no on else will ever need to browse to the root URL, so I just made a mental note whenever I need to make changes in SSRS to first connect to the server and then browse to the Reports URL.

3
votes

Problem:

Error rsAccessDenied : The permissions granted to user 'User\User' are insufficient for performing this operation.

Solution:

Click "Folder Setting" > "New Role Assignment" Then type "User\User" in the 'Group or user name text box'. Check the Roles check boxes that you would want the user to have.

2
votes

What Worked for me was:

Open localhost/reports
Go to properties tab (SSRS 2008)
Security->New Role Assignment
Add DOMAIN/USERNAME or DOMAIN/USERGROUP
Check Report builder
2
votes

This worked for me- -go to the report manager, check site settings-> Security -> New Role Assignment-> add the user

-Also, go to Datasets in report manager -> your report dataset -> Security -> New Role Assignment -> add the user with the required role.

Thanks!

2
votes

I know it's for a long time ago but may be helpful to any other new comers,

I decided to pass user name,password and domain while requesting SSRS reports, so I created one class which implements IReportServerCredentials.

 public class ReportServerCredentials : IReportServerCredentials   
{
    #region  Class Members
        private string username;
        private string password;
        private string domain;
    #endregion

    #region Constructor
        public ReportServerCredentials()
        {}
        public ReportServerCredentials(string username)
        {
            this.Username = username;
        }
        public ReportServerCredentials(string username, string password)
        {
            this.Username = username;
            this.Password = password;
        }
        public ReportServerCredentials(string username, string password, string domain)
        {
            this.Username = username;
            this.Password = password;
            this.Domain = domain;
        }
    #endregion

    #region Properties
        public string Username
        {
            get { return this.username; }
            set { this.username = value; }
        }
        public string Password
        {
            get { return this.password; }
            set { this.password = value; }
        }
        public string Domain
        {
            get { return this.domain; }
            set { this.domain = value; }
        }
        public WindowsIdentity ImpersonationUser
        {
            get { return null; }
        }
        public ICredentials NetworkCredentials
        {
            get
            {
                return new NetworkCredential(Username, Password, Domain);
            }
        }
    #endregion

    bool IReportServerCredentials.GetFormsCredentials(out System.Net.Cookie authCookie, out string userName, out string password, out string authority)
    {
        authCookie = null;
        userName = password = authority = null;
        return false;
    }
}

while calling SSRS Reprots, put following piece of code

 ReportViewer rptViewer = new ReportViewer();
 string RptUserName = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUser"]);
        string RptUserPassword = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUserPassword"]);
        string RptUserDomain = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUserDomain"]);
        string SSRSReportURL = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportURL"]);
        string SSRSReportFolder = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportFolder"]);

        IReportServerCredentials reportCredentials = new ReportServerCredentials(RptUserName, RptUserPassword, RptUserDomain);
        rptViewer.ServerReport.ReportServerCredentials = reportCredentials;
        rptViewer.ServerReport.ReportServerUrl = new Uri(SSRSReportURL);

SSRSReportUser,SSRSReportUserPassword,SSRSReportUserDomain,SSRSReportFolder are defined in web.config files.

2
votes

The report might want to access a DataSource or DataView where the AD user (or AD group) has insuficcient access rights.

Make sure you check out the following URLs:

  • http://REPORTSERVERNAME/Reports/Pages/Folder.aspx?ItemPath=%2fDataSources
  • http://REPORTSERVERNAME/Reports/Pages/Folder.aspx?ItemPath=%2fDataSets

Then choose Folder Settings

Folder Settings

(or the appropriate individual DataSource or DataSet) and select Security. The user group needs to have the Browser permission.

enter image description here

1
votes

Just like Nasser, I know this was a while ago but I wanted to post my solution for anyone who has this problem in the future.

I had my report setup so that it would use a data connection in a Data Connection library hosted on SharePoint. My issue was that I did not have the data connection 'approved' so that it was usable by other users.

Another thing to look for would to make sure that the permissions on that Data Connection library also allows read to the select users.

Hope this helps someone sooner or later!

1
votes

For SQL Reporting Services 2012 - SP1 and SharePoint 2013.

I got the same issue: The permissions granted to user '[AppPoolAccount]' are insufficient for performing this operation.

I went into the service application settings, clicked Key Management, then Change key and had it regenerate the key.

1
votes

Thanks for Sharing. After struggling for 1.5 days, noticed that Report Server was configured with wrong domain IP. It was configured with backup domain IP which is offline. I have identified this in the user group configuration where Domain name was not listed. Changed IP and reboot the Report server. Issue resolved.

0
votes

What worked for me was:

  • Go to Site Setting
  • Click on "Configure site-wide security"
  • Click "New Role Assignment" button in top bar
  • Give the new role the following name "Everyone"
  • Of the available roles, grant it "System User" only
  • Click "Apply"

That should do it,

Good luck!

0
votes

Run BIDS as administrator despite of existing membership of Administrators group.