Reporting Services Error The permissions granted to user 'LABDomain\daniel' are insufficient for performing this operation. (rsAccessDenied) Get Online Help SQL Server Reporting Services
Use Internet Explorer, to add Windows Users to Reporting Services \ Site Settings
As Microsoft SQL Services Reporting Services is predicated on Active Directory \ OS User Accounts, let us add those accounts.
The one browser that works reliably is Microsoft’s IE:
Launch IE, as Administrator
Access Reporting Services Default Page
In IE, enter your Report Manager URL
BTW, the Report Manager’s URL is available from “Reporting Services Configuration Manager”; specifically the “Report Manager URL” page.
Syntax: http://[reportManagerURL]/Pages/Folder.aspx Example: http://DEVWindows/Reports_MSSQL2012/Pages/Folder.aspx
Reporting Services – Security Page
Access Reporting Services security page via:
- From the top menu, access “Site Settings”
- In the “Site Settings” page, access the “Security” tab
Site Settings \ Security Tab
Click on New Role Assignment. Doing so will launch the “New System Role Assignment” window.
New System Role Assignment
- In the “Group or user name” entry field, Enter “Group or user name”
- In our case, we added both our domain username (LABDOMAIN\da) and the generic Windows User group (BUILTIN\Users)
- In the Roles group box, please choose “System Administrator” and “System User“
- Press OK to confirm your changes
Site Settings \ Security Tab (Post Changes)
Once you have added the users & groups, this is what the Security Screen looks like.
Add Basic Authentication to Report Server
Traditionally, Microsoft Reporting Services supports the following Authentication types:
But, RSWindowsBasic is deprecated and no longer supported.
In cases where a browser does not support Kerberos or NTLM, you need to enable RSWindowsBasic.
Please keep in mind that when RSWindowsBasic is used, passwords are sent in clear-text and so you want to consider HTTPS as compared to HTTP; this ensures that your username and passwords are encrypted while in passage.
Microsoft’s provides detailed instructions @
Configure Basic Authentication on the Report Server
To support RSWindowsBasic, please do the following:
- Identify when RSReportServer.config is located for your install
- Edit file using your editor; mine has been for many years now notepad++
The aforementioned web doc fully covers all the details of RSWindowsBasic along with the sub-tags.
If there are errors, they are logged in Instance specific Reporting Services Log folder and files; in our case that they are located in:
C:\Program Files\Microsoft SQL Server\MSRS11.MSSQL2012\Reporting Services\LogFiles
User Access Control Disabling for Specific Applications / WhiteList
Went down the path of trying to disable UAC for specific applications, but determined that the best documentation which does so via “Application Compatibility Toolkit” did not work for us.
We did not have to fully test the path, as we were able to test mid-way via the very good documentation.
Chrome / Windows Account Delegation
Also, tried out Google’s Chrome Kerberos account delegation. The relevant links are listed below.
Chrome / DevTools
Used Chrome Dev Tools to look deeper into the error message.
The tool is documented here:
Chrome Dev Tools
With the aid of the tool was able to capture the actual HTTP Error returned by the Reporting Services HTTP Endpoint:
From the Screen Shot above we can see that we are getting back HTTP/500.
Microsoft SQL Server – Track Down Help for Reporting Services (RS) – HTTP/500
Goggled for “Reporting Services” and HTTP 500 and found a very good Q/A at where else? StackOverflow.com
Reporting services URL HTTP 500 error
The wise one nvku says to turn on verbose/diagnostics on Reporting Services (RS).
Microsoft SQL Server – Reporting Services – Enable Diagnostic Level Logging
Found out the location of my ReportingServicesService.exe.config and changed it contents.
Nice instruction is available @
Report Server Service Trace Log
The change was to change:
<add name="Components" value="all:3" /> to <add name="Components" value="all:4" />
Depending on the version of Microsoft SQL Server reporting Services you ‘re running, the change you have to make will be a bit different; but true to XML verbosity and conciseness you are unlikely to have much problems.
Once change is effected, please restart you Reporting Services. I prefer to do using the services applet; especially for services that are called different names based on SQL Instance and version:
Microsoft SQL Server – Reporting Services – Reviewed Log File
With debug turned on, we have good and use-able data in our log files:
\Microsoft SQL Server\<SQL Server Instance>\Reporting Services\LogFiles
rshost!rshost!f2c!01/10/2014-17:57:07:: v VERBOSE: AcceptCallback(): accepted new connection pipeline=0x00000001781A4D80... rshost!rshost!f0c!01/10/2014-17:57:07:: v VERBOSE: ThreadContinuePipeline: processing request on pipeline=0x00000001781A4D80, state=0, IOError=0, node=0. rshost!rshost!f0c!01/10/2014-17:57:07:: v VERBOSE: Processing request pipeline=0x00000001781A4D80, callback=0x79b6a2e0, callback->pipeline=0x00000001781A4D80, id=18302628896371114021, connid=18302628895834243106 ... runningrequests!ReportServer_0-1!f0c!01/10/2014-17:57:07:: v VERBOSE: User map'LABDOM\daniel http://SQLRS:8005/ReportServer_MSSQL20121' library!ReportServer_0-1!f0c!01/10/2014-17:57:07:: i INFO: Call to GetItemTypeAction(/). library!ReportServer_0-1!f0c!01/10/2014-17:57:07:: e ERROR: Throwing Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: , Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'LABDOM\daniel' are insufficient for performing this operation.; rshost!rshost!f0c!01/10/2014-17:57:07:: v VERBOSE: HttpPipelineCallback::EndOfRequest(): continue pipeline=0x00000001781A4D80. rshost!rshost!f2c!01/10/2014-17:57:07:: v VERBOSE: ThreadContinuePipeline: processing request on pipeline=0x00000001781A4D80, state=2, IOError=0, node=0.
Microsoft SQL Server – Reporting Services – Log File Contains GetItemTypeAction!
Log File contains “googlable” data:
"INFO: Call to GetItemTypeAction(/)"
Googled for it, and found help via posting:
The permissions granted to user ” are insufficient for performing this operation. (rsAccessDenied)
Sorin Andruseac answered his own question. And, his answer is that I should:
- Launch Microsoft IE has an Administrator (pass/bypass UAC)
- Access the Reporting Services Reports Home page; please make sure this is Report’s Home Page and not the Reporting Services home page
- Click on the “Folder Setting” icon
- In the security tab, access “New Role Assignment”
- In the “New Role Assignment” window, add the users and give them permissions – We chose to go with BUILTIN\USERS and granted them all permissions
Reporting Service – Reports Home Page
Reporting Service – Reports Home Page – Security Tab
Reporting Service – Reports Home Page – New Role Assignment
Microsoft SQL Server – Reporting Services
Retried via Google Chrome and we are good! I think quite a bit of my misfortune was my fault. I should be a bit more specific as to whether I am trying to access “Report Server Web Services URL” or “Reports Manager”. They are two different functions and expose different URLs. I will come back and clean up this post!
Microsoft SQL Server – Reporting Services – Workarounds
This error is well covered and there was a connect item opened:
User does not have required permissions. Verify that sufficient permissions have beengranted and Windows User Account Control (UAC) restrictions have been addressed. by Nenea Nelu http://connect.microsoft.com/SQLServer/feedback/details/622737/
Microsoft closed the Connect Item; and cited “As By Design” as closure reason.
We are 9 months from the 4th quarter. But, I already feel like it is September:
Johnny & Rosanne Cash – September When It Comes
References – Reporting Services – Configuration – Security – Windows Authentication
- How to: Configure Windows Authentication in Reporting Services
References – Reporting Services – Basic Authentication
- Configure Basic Authentication on the Report Server
References – Windows – Security – Groups
- Well-known security identifiers in Windows Operating Systems
References – Windows – User Access Control (UAC)
- Selectively disable UAC for your trusted Vista applications (By Greg Shultz)
References – Windows – Kerberos Delegation for Google Chrome
- HOW TO: Configuring Google Chrome for Web Access Integrated Windows Authentication With Kerberos
- Chromium.org – Policy List – AuthNegotiateDelegateWhitelist
References – Google Chrome – HTTP Authentication
- The Chromium Projects – HTTP Authentication
References – Microsoft IE – HTTP Authentication
- SSRS 2008 not authenticating in IE but works in Firefox by Michael Alfaro
References – Chrome Developer Tools
- Chrome DevTools
HTTP / 500 Error & Resolution
- Report Server Service Trace Log
- Troubleshooting Report Manager Problems
- Reporting Services URL HTTP /500