I want to display SSRS reports with integrated mode in share point.
But when I set report server url in Share point then getting below error
The permissions granted to user 'XXXX' are insufficient for performing this operation. ---> Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'XXXX' are insufficient for performing this operation.
I am using windows credential user and have admin permission.
For connecting SSRS with Share point, you have to follow steps in share point
1. Create Service account for SSRS
2. Set Shared database setting in SSRS application
Then you have to pass the Share point URL into the VS project of SSRS under Deploy setting.
Quite a common ommision in SSRS setup is the provision of the SSRS Execution Account. might be worth confirming you have this setup.
Technet - SSRS Execution Account
Related
I've got an ssrs report server setup and the data sources are set to use the user's windows login. However when I try to setup a subscription it says it can't because the credentials aren't stored in the data source. Is there no way to have a subscription that uses a generic account but when run interactively it uses Windows username
I use a database account for running all of the reports. You'll have to set this up in each database. Then I have report folder permissions associated to Active Directory groups. I also use a domain service account for deploying the reports and setting up the subscriptions. That way if a member of the BI team leaves the company and their account is deactivated the subscription will still run.
Data Source Example:
I am trying to set up the scheduler for reports in SSRS.
I currently have read access to query the
database needed but I now need write permission to develop
and schedule reports according to this article.
What's the minimum database write permission that would allow me
to run and schedule reports in SSRS? I am using read
access just for using SSRS and not for any DBA work.
You don't need any database permissions to set up a schedule.
First, your SSRS reports live in the Report Server database specified in the Reporting Services Configuration Manager. If SSRS did not have write access to it's own Report Server database, you would not be able to create reports or any other content.
You are probably accessing another database with customer data with read only access. You do not need write access to this database to create schedules.
SSRS accesses the report server database via the account configured as a Service Account in the Reporting Services Configuration Manager.
You will have to have your user granted the necessary permissions in SSRS in order to create and modify schedules. You can configure that by clicking the gear at the top right. If you are in the Administrators group on the local machine you will have full admin rights to the SSRS portal (that is the BUILTIN\Administrators role and it will override any permissions set in SSRS).
Schedules execute via the SQL Server Agent on the SSRS SQL Server. Your service account should be able to create and execute jobs via SQL Server Agent.
If all of this is set up right and you're getting a specific error trying to create schedules, I encourage you to post that information.
Q1: why would I want to have an Unattended Execution Account?
Q2: if I don't use an Unattended Execution Account, which account is used to run the reports?
Q3: if i get the following error message when running a report:
"The report server has encountered a configuration error. Logon failed for the unattended execution account. (rsServerConfigurationError) Log on failed. Ensure the user name and password are correct. (rsLogonFailed) Logon failure: unknown user name or bad password".
I understand that the Unattended Execution Account user name and/or password is wrong. But, where is that user name and password used? I mean, should the Unattended Execution Account be added in SQL Server or is the user name and password stored in the report? Even if a change the user name and password in SSRS Configuration Tool, the report doesn't run. So, the old account information seem to be stored somewhere?
I've been googling around but I don't get the big picture.
Thanks!
The MSDN article has pretty detailed information about this.
From that the answers to your questions are:
Q1: You should set the Unattended Execution Account if you don't want to set credentials for data sources and want the data source to work even when users are not able to enter their credentials (subscriptions or other scheduled executions.)
From the linked MSDN article:
The unattended report processing account is used primarily to connect
to external servers, and not as a login to database servers. If you
want to use the account credentials to log in to a database, you must
specify credentials in the connection string. You can specify
Integrated Security=SSPI if the database server supports Windows
integrated security and the account used for unattended report
processing has permission to read the database.
Most SSRS installations do not need the Unattended Execution Account. They use the "Credentials stored securely in the report server" option in the data sources.
Q2: I'm not sure what "run the reports" means, but the SSRS Service account is always responsible for the rendering and delivery of the reports, whether an Unattended Exec Account is set or not. The connections to the data sources will use the credentials specified in the data source. Unattended Exec Account will only be used if the data source is set to "Credentials are not required."
Q3: This account may not be used at all, but SSRS still checks the credentials with the domain. If none of your data sources are set to "Credentials are not required" then I recommend you remove the account from the SSRS configuration.
Your questions are probably answered by this MSDN article. For Q1 "Why?":
Send connection requests over the network for reports that use database authentication...
Retrieve external image files that are used in report...
On question 2: the Unattended Execution Account doesn't determine who runs the report. It just determines the above two things. The report is executed by the Report Server, and that process is running under its own account you configured.
On question 3: see the "How Account Information is Stored" section in the linked question. I'm not sure why a change in the Config Tool wouldn't be immediately effective, you may have to debug that seperately (try to restart things once or twice, etc). If you can't figure that one out be sure to start a new SO question with the details on your situation.
We have a analysis services olap cube (SSAS 2008) deployed at a test server (MS Serve 2008) in our domain, you can browse the olap cube via ssms without problem. No problems with olap cube itself so far. The user account is admin on the analysis services server.
We also have reporting services (SSRS 2008) installed at the same test server and have a datasource inside the reporting services report that fetch data from the analysis service olap cube. We have set up windows integrated authentication setting but the user trying to connect trough reporting services report to the olap cube get access denied.
An error has occurred during report processing. (rsProcessingAborted)
Query execution failed for dataset 'DsMillCd'. (rsErrorExecutingCommand)
Either the user, KORSNET\TFMAN, does not have access to the AnalysisServices database, or the database does not exist.
If i try out the same olap cube and report trough business intelligence studio local its working, so it must be some setting on the reporting services server.
Do reporting services connect to the analysis services as a another domain account?
I have searched and googled for a answer for about 6 hours now without luck, i'm getting a bit frustrated to get this working.
I think its only a configuration setting that i have missed, so all suggestions are welcome...
Are you logged on as KORSNET\TFMAN?
If the datasource set up for the report is set to use the credentials of the user then it will attempt to authenticate to the database as that user.
Does IE show the site as being part of the local intranet? If not go into security settings and add it.
Does that user actually have permissions to read the database?
It could be the "double-hop" problem where credentials can be carried and used once, but not again, however I think this is unlikely in this situation.
I have a problem about the credential in reporting service..
When I choose option windows authentication for a report in SQL Server Reporting Services, only the administrator can view the report. The other users can't view the report. But when I set credential stored securely in the report server and enter the username and password, all users can view the report but some data of the report is not showing.
For your information, I have created the user in SQL Server and I have set the role and user mapping.
What should i do?
Based off of what you are saying I would guess that you have not added the users windows credentials to the proper group on the reporting server. The admin would have access as by default that role is already given permission in the proper groups.
Here is an article from Microsoft that explains this process.
http://msdn.microsoft.com/en-us/library/aa274425%28SQL.80%29.aspx
This is a good article on setting up role based security.
http://odetocode.com/articles/215.aspx
If I understand your question properly, you want to use your end-users' windows credentials from end-to-end with your reports. You do not want to specify a specify set of windows or SQL credentials to connect to your data source, you want to use the end users' credentials instead.
In order to accomplish this, you will need to grant the end-users rights to access your reports in SSRS as well as granting them rights to run the needed SQL on the underlying database.
Finally, if your SSRS instance is not running on the same server as your database, you may run into security delegation issues. You can read more about this topic by visiting http://support.microsoft.com/default.aspx?scid=kb;en-us;810572