Only Able To Access Report Manager As Administrator
Sep 12, 2007
Hi,
I have Reporting Services set up with the permissions (via Right Click Server/Permisions in SSMS or System Role Assignments in Report Manager) set as follows:
BUILTINAdministrators - System Administrator
When logged in as an administrator I am able to access Report Manager, no problem.
However, I want to add a new group so that non-administrators can access Report Manager. However, whatever new item I add in the permissions appears to have no effect. For instance, if I add a permission for Users, i.e. :
BUILTINAdministrators - System Administrator
BUILTINUsers - System Administrator
I can still only access Report Manager as an administrator.. Any other user just gets the blank page.
I have tried creating a custom group, Report Users, with the same result.
I checked IIS to ensure anonymous access was turned off (this was an issue I had earlier on in my setup - it was turned on, but is now firmly off).
I don't know much about IIS, but I guess the problem is there somewhere. Does anybody have any idea what the problem could be and how I get around it?
I have recently installed from scratch RS 2003 on a WIN2003 SRV and got that the problem that the administrator cannot access or even see the regular administration toolbar and links at the Report Manager, such as Site Configuration, Upload New File, the common 'Contents | Properties ' tab, among other stuff. The only options available are 'Home', 'My Subscriptions' and 'Help', in the right superior link bar. I find this behaviour very strange, since the RS comes right out of the box configured with full access to administrator, but right now I CAN'T do any administration task on the RS Server.
Another strange behaviours I've found: - The few links that appear redirect to the internal ip address of the server. - When you call the '/ReportServer/ReportingService.asmx' it returns an XML document, not the usual browsing interface.
There's some information about the server configuration I think it might help: - IIS is running more than one website, and the RS server is not installed on the Default WebSite, wich is stopped. - SharePoint Services is running in the server, but not in the DefaultWebSite. - The security settings of the virtual directory of the Report Manager are configured to use Windows Authentication and are NOT configured to use anonymous authentication. - The server is published to the Internet.
There's some stuff that I tried and for now didn't worked: - Create the virtual directories in other websites. - Switch the attributes of the 'impersonate' attribute in Web.config file between true and false. - Enable anonymous authentication and use the administrator account to impersonate. - The steps described in the help article 'Troubleshooting a Side-by-Side Installation of Reporting Services and Windows SharePoint Services' - Reinstalling the RS product.
I need to prevent domain and local administrators from having full control over our report manager. (I want them to be assigned permissions just like everyone else, some reports they can see other reports they can not.)
How can I accomplish this? I tried going into Report Manager -> Site Settings -> Configure Site Wide Security and re-assigning BUILTINAdministrators to the System User role instead of the System Administrator role. (A different set of report manager admins was given the system administrator role).
However, it appears that members of the BUILTINAdministrators group still have full control in Report Manager.
I am running SQLExpress 2005 with Advanced Services SP2 I used the Reporting Services Configuration Tool to manually instal Report Manager to its default virtual directory. Got no error message. So far so good, but when I tried to start the manager by writing the URL (http://localhost/reports) in the address bar of my browser (iexplorer 7.0), I got the following error message:
XML-siden kan ikke vises Kan ikke vise XML-inndata ved hjelp av XSL-stilark. Rett opp feilen og velg deretter Oppdater eller prøv på nytt senere. Et navn ble startet med et ugyldig tegn. Feil under behandling av ressursen http://localhost/reports. Linje 1, Posisjon 2 <%@ Page language="c#" Codebehind="Home.aspx.cs" AutoEventWireup="false" Inherits="Microsoft.ReportingServices.UI.HomePag...
It is in norwegian so I try to translate it to the best of my ability: XML can't be translated by means of XSL style sheet. Invalid charater. Error occurred handling the resource http://localhost/reports Line 1 Posistion 2 <%@ Page language="c#" Codebehind="Home.aspx.cs" AutoEventWireup="false" Inherits="Microsoft.ReportingServices.UI.HomePag... There is a squiggly line under "c#" and "codebehind" as well.
I know very little of XML and XSL. What amends can I do to access the Manager? Please help somebody. Is it possible to use the Reporting Services Configuration once again to instal the Manager to another location?
I have just installed Reporting Services on a 2 server web farm. I can access http://virtualserver/reportserver but when I try to access http://virtualserver/reports, I get the following: The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Please try the following:
Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly. If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted. Click the Back button to try another link. HTTP Error 404 - File or directory not found. Internet Information Services (IIS)
Technical Information (for support personnel)
Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404. Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.
Hi, I'm a beginner on SQL Server Reporting Services field. I perform a full installation of SQL Server 2008 CTP6 Developer Editon on a clean Windows Server 2008 Enterprise machine. I log on to the machine using the built-in Administrator account so there is no UAC stuff. The Enhanced Security Configuration of IE is disabled. When I want to have a look at the Report Manager by typing http://localhost/Reports, it pops up an error says "The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channel." It makes me confused so any help or suggestion is highly appreciated.
The following is a fraction of log file from Reporting Services: ... ReportingServicesService!resourceutilities!b5c!03/08/2008-14:25:57:: i INFO: Reporting Services starting SKU: Developer
ReportingServicesService!resourceutilities!b5c!03/08/2008-14:25:57:: i INFO: Evaluation copy: 165 days left
ReportingServicesService!appdomainmanager!4e4!03/08/2008-14:28:15:: i INFO: Appdomain:3 ReportManager_0-1-128494312954554272 started.
ReportingServicesService!appdomainmanager!4e4!03/08/2008-14:28:18:: i INFO: RS authentication mode is 5; effective ASP.NET authentication mode is Windows. vdir=/Reports.
ReportingServicesService!appdomainmanager!4e4!03/08/2008-14:28:18:: i INFO: Appdomain:3 ReportManager_0-1-128494312954554272 initialized (#1).
ReportingServicesService!appdomainmanager!e10!03/08/2008-14:28:26:: e ERROR: Remote certificate error RemoteCertificateNameMismatch encountered for url https://localhost/ReportServer/ReportService2005.asmx.
ReportingServicesService!ui!e10!03/08/2008-14:28:27:: e ERROR: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
ReportingServicesService!ui!e10!03/08/2008-14:28:27:: e ERROR: HTTP status code --> 500
-------Details-------- System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
I need to remove full admin privs from the builtinadministrator's group in report manager.
I tried removing the builtinadmin role from report manager and SQL Server, I removed it from the Site Settings area and from each individual folder's permissions.
Yet all the members of that group still have full run of the report server...
I even made a new folder that ONLY I am listed as having permissions to, yet they can see that as well...???
Hello all - this has now happened to me on a few occasions (different installs, different sites, etc.), but my client PCs cannot access Report Manager by the server's hostname (even though I can ping by hostname from the client).
For instance, if I try:
http://ovenserver/reports
I get the infamous "Internet Explorer cannot display the webpage" message.
If I try:
http://10.0.0.20/reports
The Report Manager loads properly without a hitch.
I know I am missing something simple here - can anyone help?
what is MS's strategy for having two off the shelf ways of getting at reports? In a typical company, is the average non administrator type user getting at his reports via one, the other, both?
We are currently having an issue with a Reporting Services deployment which is being accessed through Tivoli Access Manager (with a custom SSRS security extension).
When you try to launch Report Builder, we receive the following error when ClickOnce tries to validate the deployed app (Report Builder works fine when accessed outside of the Tivoli Access Manager environment):
ERROR DETAILS Following errors were detected during this operation. * [20/03/2008 2:49:35 PM] System.Deployment.Application.InvalidDeploymentException (HashValidation) - File, ReportBuilder.exe, has a different computed hash than specified in manifest. - Source: System.Deployment
Can anyone shed any light on what might be causing this?
All of the components (including the manifest) are downloaded to the client correctly so the authentication seems to be working and it works outside of TAM so there is no issue with the files on teh server having changed etc. either.
When I go into Report Manager, http://localhost/reports, and try running a report it is giving me this error message:
The request failed with HTTP status 401: Access Denied
But if I go directly to the Report Server, http://localhost/reportserver, and try running a report there then everything is fine.
Does anyone know why it is doing this all of a sudden? I did change the Reports app in ISS to allow anonymous access but have since changed it back, and it still gives this error.
For a long time I've had SQL Server 2000 with RS on a Server2003 machine. When I want to publish a report from my Dev box, I remove anon. access on the Production machine, deploy the report, then go into report manager to tweak a couple of parameters. I then re-enable anon. access so users can continue.
Yesterday, I removed anon. access and deployed the report but when I went into Report Manager I received the above error message... "The underlying connection was closed: An unexpected error occurred on a receive."
I can get into report manager with anonymous access enabled, but I don't have authority to do anything.
What's happened!!!? More importantly, how do I fix it?
Hello, I use SQL Server 2005 Express and VB.Net for my client server application. From a client machine, if the user is logged on as Windows Administrator, my application connects to the database server just fine. If the client is logged on as a non-administrator, then my app cannot connect. Here is my connection string:
I seem to have lost the ability to access the site settings as well as any security tabs and modify the properties under the directories etc...somehow i have lost administrator access , how do i get this back? I am still local administrator of the server reporting services is running on...only thing i can think off that could of done this is i installed Sharepoint onto the same machine and created a sharepoint site...are there things i can check in IIS or RS or etc to get this admin access back
We have an issue with accessing SQL Server 2000 where the access of data from the database is slow unless the user is logged in as an administrator to their computer.
The system is as follows: SQL Server 2000 on a W2K server. Users logging into a Win 2003 domain server. Users using W2K on their workstations. Application is VB.NET using the Enterprise Library Data Block, connection pooling ON, and windows authentication.
We are assuming that the issue is down to one of authentication and that when a user is set as an administrator then they have instant access. We have been able to replicate the issue using just SQL server on a W2K workstation and accessing from another W2K workstation. Again data access is way slow unless the account is an administrator.
This is a slight re-stating from an older thread, which I think warrants some new discussion. The answer has always been that system administrators should have full access to everything on a system, including databases.
Although that is a logical position for internal IT departments it doesn't quite fit the model of systems with outsourced or external system support.
"If you don't trust your DBA, then you need a new DBA. They are in a position of authority for a reason and restricting that authority makes it impossible for them to do the job they are hired to do."
What about scenarios where you have local machine administrators that should NOT be given access to private data in a secured database, even though they need to be able to access and maintain everything else? And unfortunately some regulations are written about access to stored data whether encrypted or not...
In the modern world of Sarbanes-Oxley and PCI-DSS/CISP it is no longer so cut and dried. Especially where companies have software/hardware support contracts with third parties that require administrative access to other aspects of the systems.
So accepting that you might need someone to have administrative level access to the box but they should not be able to view the contents of a database installed on that box, what would you do?
Is there a way to create an adminstrative group that does not allow access to a specific named instance of SQL?
Is there a way to revoke access for one member of the administrators group only?
Our DBA has installed reporting services on a server and now in order to access the report manager, one has to be an Admin on that Server. I am guessing that there is a mistake in the configuration of Reporting Services. Usually it should allow anybody who was added to the roles in the properties section of the Report Manager, right? I have also added the users to the DB..
Also I am using Windows Authentication to access Report Catalog items (Reporting Services is installed on Server2) from a web Application(deployed on Server1) and displaying the report using report viewer. For some reason, server1 has to be in an Admin role on Server2 to access the report catalog/report. This is kinda strange for me as I don't want everybody to be an Admin on Server2. Can anybody please point in the right direction?
We are trying to set up SQLAgent Proxy account. If the SQLServer service id is a domain admin, do we still have to add it to the local administrators group?
A user was created with a limited privilege under the USERS group. Once this user loged in the Report Manager he is acting like an Admin and Content Manager, though he is not given even a browser role.
What do u think that this guy is acting like a Super User evenif he is restricted to a browser role on the Report Manager ????????????
Please help! I am new in SQL Server 2000 Administration. My manager had ask me to manage a SQL Server, but Windows Adminstrator refuse to give me Local Admin rights. I only have sa account to login to databases. I don't know any excuses or reasons to give to Windows Adminstrator so that he can give me the local admin rights. If any one have this answer, please help. Thank you.
I have done the following and a domain user would not access report created a login to the SQL server to the user (this SQL Server is where data source DB is)went to site setting in Report Manager and made this use a system userright clicked on report folder and made this user in the browser roleeven checked that in the report in question, the user is already in the browser role Still the user would not access the report! "User .......... does not have required permission" is the error message I am getting.
I have written a report visual studio. The report has 10 multi-value parameters that pull data from their individual data sets within the reports. When running the report from within Visual Studio it renders fine. There are no errors reported, only a warning related to a pathname I have use to retrieve image data and display on the report.Deployment of the report is error free.When I view the report I briefly get the "Loading" splash window, but then nothing. None of the headers or static text is displayed. The results window is blank.
The report defaults all the parameter values. In trying to debug the issue I have found by reducing the number of parameter values the report will render. Once I have all the values added, the report does nothing.Below is the query being used for the report. The where clause in the query shows the parameters being used and the syntax.We are running on Windows Server 2008 R2 and SQL Server 2008 R2.
Ralph SELECT RTRIM(a.ITEMNMBR) AS Style, RTRIM(a.ITEMDESC) AS Description, a.ITMSHNAM AS UPC, c.LOCNCODE AS Store, d.LISTPRCE AS ListPrice, a.CURRCOST AS Cost, a.USCATVLS_1 AS [Main Category], a.USCATVLS_2 AS Market, a.USCATVLS_3 AS [Alternate Retail], a.USCATVLS_4 AS Country, b.ITEMXTRAS_1_Type AS Type, b.ITEMXTRAS_2_Finish AS Finish, b.ITEMXTRAS_3_SubCategory AS SubCategory, b.ITEMXTRAS_4_Department AS Department,
I am working on reports in SSRS 2008 (not R2)... There are some reports with parameters that are hidden when the report is accessed through normal URL using ReportViewer.asx..The thing is that these hidden parameters need to be visible when the report is accessed using SSRS Report Manager.
I'm trying to deploy Reporting Services on an Internet-facing web server using a custom security extension (forms authentication). We will be putting Report Manager on the Web Server outside of the firewall, and Report Server on another machine inside the firewall. When testing the solution in a development environment with Report Manager and Report Server on the same box, the solution works fine.
When testing it using the Internet-facing environment described above, it almost works but there seems to be an issue with the authentication cookie that is generated. Here's what happens:
1. User enters credentials on UILogon.aspx and submits form. 2. In the code-behind, LogonUser() is called through a web service proxy and the authentication cookie is returned successfully. The code used here to set the cookie is the same code used in the Forms Authentication sample that ships with RS2005. 3. The user is redirected to Folder.aspx, and the request hangs for a while, and eventually kicks you back out to UILogon.aspx, as if it lost the authentication cookie. When doing a trace on the HTTP header, the cookie is still there.
Is there anything special I need to do to make the Report Server "see" the cookie when I have Report Manager and Report Server on different machines?
I created a custom assembly using C# to transform some binary data into text, and in this assembly I used one win32 dll developed by our customer to help me to do the tranformation. The code I used to call the win32 dll is like below: [DllImport("tdasuie.dll", EntryPoint = "AlrtLogConditionToText", ExactSpelling = false, CharSet = CharSet.Auto, SetLastError = true)] private static extern UInt32 AlrtLogConditionToText(Byte[] pbCondition, StringBuilder pszText, UInt32 dwSize);
I defined a C# method to call the above win32 method and return a string. Then in the report, I called this C# method to get the correct string.
In the report designer, the C# method in the custom assembly can return the correct string in the preview window. But after I deployed the report into the report server, the textbox will only display "#error" in the report manager web page.
I am getting the following error when I attempt to deploy my test report.
"Failed to Deploy Report, The user 'XXX/IUSR_XXX' has insufficient rights to perform this action."
Has anyone gotten this error before, I have tried every permission option I could with the IUSR account by adding it to each folder etc ...and still get no resolve. Anyone have a fix for this bug ?
I have few reports under different folders in Report Manager. Is there a way to set the data source for the whole folder rather than each report individually? There is also a folder where reports generate dynamically. Since the report project doesn't exist anymore, I can't set the data source through code. How can I set the data source for the whole folder?
I added a new windows user "ReportUser" which is a local user (not in administrator group). When I connect to the report manage's web page, I use reportuser to log in (when the anonymous access is disabled it will ask a log in). Report builder icon is not showing up on the report manager home page.
If I log in as a user in administrator group, the reportr builder icon shows up so I can download it and build report.
I have assigned reportuser "Content manager" and "repoter builder" access to the home folder. Is there anything else I have to do to make the report build icon show up on the home page?
I was able to log in to SSRS report manager. But i was unable to run a report i designed on report builder.
It prompts for login when i wanted to run the report and i used the same windows authentication to sign in
It will show me the parameters but when i click on view report it gives this error
"Data source 'DataSource1': An error has occurred.
Details: Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: Cannot create a connection to data source 'DataSource1'. ---> System.Data.SqlClient.SqlException: Login failed for user 'Acc-11Admin'."