I am running into an error that I cannot seem to resolve. Basically, I am creating a report from a report model that I created within reporting services. So far I have been able to create a data source and then create a model based on it. So far, so good. I then go to report builder to create a report based on the model... again, so far, so good. However, I go to save it and get an error.
Server Error Unable to get catalog items from serverThe permissions granted to user ' ' are insufficient for performing this operation. The permissions granted to user ' ' are insufficient for performing this operation.---------
Exception of type 'Microsoft.ReportingServices.RsProxy.AccessDeniedException' was thrown.I know what you are thinking... the error seems self explanatory.
However, I checked the permissions all the way down the path and I can't figure out where the permissions need to be adjusted. I am able to save a report if I use the administrator account but that is not acceptable in this situation. I must figure out how to adjust the permissions so that it works with the least amount of permissions.Actually for kicks, I gave the user "content manager" permissions at the root (Home) but that didn't help either.We are using the "My Reports" feature and I have made sure that the minimum permissions are in place to use Report Builder (http://msdn2.microsoft.com/en-us/library/ms159667.aspx). We are running the latest service pack too. The path it is trying to save to is: Home > Users Folders > servername user > My Reports > ModelsWebInterfaceHome permissions: server\userClient (server group) has "View Folders Role"Users Folders permissions: server\userClient (server group) has "View Folders Role"server user permissions: server\userClient (server group) has "View Folders Role"My reports permissions: BUILTIN\Administrators Content Manager / server\user My Reports, Report Builder / server\userclient (server group) View Folders RoleModelsWebInterface permissions: BUILTIN\Administrators Content Manager / server\user My Reports, Report Builder / server\userclient (server group) View Folders Role
Any help is greatly appreciated!
~Des
I was able to figure this out with the help of a PSS tech… Here are the Default SSRS permissions when using the "My Reports" feature: The path – "Home > Users Folders > ServerName ServerUserAccount >My Reports" shows the following permissions: Folder name \ permissions----------Home \ view foldersUser folders \ No permissionsServerName ServerUserAccount \ No permissionsMy Reports \ My Reports,The fix was to add "View Folder" permissions to the "Users Folder" but it allows the "My Reports" feature to render useless as every user folder is now viewable by the specific user and/or group added to the "Users Folders" folder. I am still working with the PSS technician for a work around for that bug but I was able to get it working.
~Des
|||I had the same problem. Here's what worked for me. I'm still not sure it's the best way to solve it, but does seem to offer a little more security than the solution you indicated above. (That is, the "User's Folders" folder is not generically visible.)
The problem seemed to be that the Report Builder, by default, wanted to save in the "Models" directory. (I'm not sure why.) We just had to give *some* permission in that folder to the users; the least priviledged built-in role was "Report Builder" (which they already had anyway.) You may even be able to create a dummy role with no permissions and assign users to that role in the Models folder.
Anyhow, we created an "AdHoc Reporting" active directory group, and assigned that group the "Report Builder" role on the "Models" folder. Any user with the rights to run at least one report must be added to that group. They can now save reports in their "My Reports" folder. The only unfortunate thing is that now the "Models" folder is visible, but they can't see the items in their, or upload anything, or change permissions, so it seems secure.
Hope that helps.
No comments:
Post a Comment