We have a client-server product making use of SSRS. We have done dozens of installs, all with no issues, until this one. We have created an NT account specifically to run our reports. We'll call it "ReportUser". We have made it a local account on the server with the appropriate access to run reports. We set it up as the execution account and gave it the necessary permissions on the SQL Server. When we log onto http://localhost/reportserver on the server, we can access and run reports just fine. However, when we run it from a client through http://<servername>/reportserver, we receive the RSAccessDenied error. However, it does not list the execution account (i.e. <servername>ReportUser) as the prolem, but instead the given user's username (i.e. <domain><username>).
As a side note, we also cannot access the Report Manager from anywhere. We log onto it from the server even, and it only shows the Top portion of the screen. No published reports, no menu options, nothing.
We cannot set the "Unattended Execution Account" on any Sql Server 2005 Report Server. This problem occurs on new installations and existing installations of Report Server. We have several servers that have the account already set from prior install and configuration, but now it cannot be changed. No domain policy changes have been applied, only MS Patches.
All attempts to set the account using the Report Server config tools return a UnauthroizedAccessException, as shown below. I have been unable to find any documentation on the permissions required for this action. Can anybody help?
System.UnauthorizedAccessException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementObject.InvokeMethod(String methodName, ManagementBaseObject inParameters, InvokeMethodOptions options) at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.SetUnattendedExecutionAccount(String userName, String password)
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
Hi i am having this error when i am running my default1.aspx page in localhost.I am using sql server 2005 reporting services and i have made one report in business intelligence tools reporting service through wizard.And deploy it it is running in report server.I am using one page that is default1.aspx and using report viewer and set the path that is debugging and showing that report but when i am running that in url write http://localhost/testdemo/default1.aspx so it is giving error that error is"The Permission Granted to user "UserName/ASPNET" is insufficient for performing this operation.(rsAccess Denied) Please help me to solve this problem.
I have a reportViewer control on a webform. In my partial class I set the report path, server and parameters in the Page_Load. When I run the report I get this error:
The permissions granted to user 'NT AUTHORITYNETWORK SERVICE' are insufficient for performing this operation. (rsAccessDenied)
Here is my code:
Dim u As New UriTypeConverter Dim ReportParameters(0) As ReportParameter
The permissions granted to user '[user]' are insufficient for performing this operation. (rsAccessDenied) Get Online Help
I have given role (literally every possible role just to see) access in SQL Manager without success. And the permissions on the directory were set to Everyone Full Control (just to try to get it to work).
I am new to Reporting Services 2005, so please bare with me. I have set up a new report that runs fine when I run it, but I am the administrator on the server. When I have a user go to the same web page and attempt to run the report, they receive an error that says something along the lines of "User account 'DomainNameUserName' does not have sufficient access to ReportServer... rsAccessDenied." I have seen several threads on the web that point to IIS, and some that point to the "Reporting Services Configuration Manager" under "Windows Service Identity". In my Windows Services Identity, I have the server set up as "Built-in Account = 'Local System'". Everything seems to be running perfect for me, I just can€™t seem to get non-admin accounts to run reports from there local workstations. Please let me know what my settings should be on the server. Like I said, the web page comes up fine for all users, but when they click on the hyperlink that runs the report, they receive the Reporting Services error message, but it runs fine for me. Your help would be greatly appreciated.
I have installed SSRS and created a .net application... now when I try to open the report viewer, I get the error " the permission granted to user 'domainuser' are insufficient for performing this operation. (rsAccessDenied)" I have searched the net hi and low and cant seem to find an adequate answer... something to do with roles or permissions? I have assigned permissions to this user on the ssrs database, yet I still cant seem to view the report. It works fine in my test environment (as it usually does ) any help on this would be greatly appreciated as to be honest, I dont really know what im doing here.
When I try to deploy one of my Reports I receive the following error :
Deploying to http://localhost/ReportServer
Error rsAccessDenied : The permissions granted to user 'BOGDANIUSR_BOGDAN' are insufficient for performing this operation.
That is because I configured IIS for those 2 folders ReportServer and Reports to accept anonymous . If I turn anonymous off and let windows authentification on he lets me to deploy the project , but I can see anymore http://localhost/Reports and http://localhost/ReportServer because he asks for password and I don't have any password set for the computer , nor for SQL Server . I just use Windows Authentification for all.
I searched through this forum but nothing is significant related to my problem
What is wrong here ?
Thanks
edit: I also changed in Reporting Server configuration , Windows Service Identity to Network service and implicit the account to : NT AuthorityNetworkService .
If I allow anonymous access from IIS to the Reports folder , then he loads but he shows me only the title and Home , Subscription links from de top right corner , nothing else ( no Properties tab , no nothing ) . Anyway there must be another way then selecting anonymous user , because the default was not selected .
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
I'm trying to get the CustomSecurity sample in Reporting Services to work [C:Program FilesMicrosoft SQL Server90SamplesReporting ServicesExtension SamplesFormsAuthentication SamplecsFormsAuthentication] but I keep on getting the following message:
The permissions granted to user 'Admin' are insufficient for performing this operation. (rsAccessDenied)
I have given <servername>ASPNET execute permissions. I have successfully created a new user "Admin".
However, when I then try to logon to either ReportServer [http://miles/ReportServer/logon.aspx] or ReportManager [http://miles/Reports/pages/uilogon.aspx] I get the above error.
I'm using SQL 2005 Developer edition and XP professional.
"http://localhost/MyTrail/Default2.aspx" when i am running this so i will give me error that is"The Permission granted to user"UserName/ASPNET" is insufficient for performing this operation.(rsAccessDenied) Please help me to solve this problem... I did settiings on Report manager. 1- Set the role as a Browser. 2-In IIS anonymous settings
I have created a report using Microsoft Sql Server 2005 Reporting in my ASP.NET 2.0 Web application. It is succesfully running on the server itself on which I have created. But when I am trying to access it from my client machine by typing URL in the IE6 it gives me following error.
"The permissions granted to user 'NT AUTHORITYNETWORK SERVICE' are insufficient for performing this operation. (rsAccessDenied) "
I have created a Report Model and published it on our QA environment Report Server(Where I dont have admin access). When I try to launch the Report Builder tool and create a sample report and Run the report it gives me this error. "The permissions granted to user 'Domainname/user group' are insufficient for performing this operation. (rsAccessDenied)" I checked with the Admins on this server the usergroup has a "Browser" Role. I had read on some online fourm that if user group has browser role it should work. But I cant get it work any help is appreciated.
I have published the same Report Model in Deveploment environment report server(where I have admin access) and when I do the same thing I am able to run the reports.
Some one please help me its causing delay in our testing.
I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account they fail with this error. " Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Basically a dts package has been setup that pulls in data from another companies server, this data requires to be on-demand i.e individual users can pull in updates of the data when they require it.
I am using xp_cmdshell and dtsrun to pull in the data. This obviouly works fine for me as i am a member of sysadmin.
Books online quotes " SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell"
So i went to the SQL Server Agent Properties 'Job System' tab and unchecked 'Non-sysadmin job step proxy account' and entered a proxy account.
The proxy account has been setup as a Windows user with local administrator privilages and even a member of the sysadmin server role - just in case.
Now when i log onto the db with my test account - a non-sysadmin - and attempt to run the stored proc to import the data i recieved the message 'EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo' '
hmm... so basically i have either misunderstood BoL or there is something not quite right in my setup.
I have search the net for a few days now and yet i can find no solution.
Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
The Report server is configured to use a custom security extension. i can access the reportserver.
It looks like when i deploy the reports from VS. it does not pass any credentials to the report server. From the error message it looks like there is no username . How do i deploy reports to report server if we are using a custom security extension. How do i grant user rights to deploy report if we are using a custom security extension. Any idea. Thanks!
I have installed and configured sql server 2005 express edition with advanced services on an xp box, with the aim of using reporting services.
I have set up reporting services successfully using the report manager, with my web services id = netwrokservice.
I can access both the report manager and report url locally, i.e while using localhost anjd on the machine. The problem arises however when i try to access
the reports from another machine, as i get the message:
"The permissions granted to user 'domainusername' are insufficient for performing this operation. (rsAccessDenied)"
I have looked at various sites (including microsoft) in an attempt to find a solution to this and most sites give exmaples of how to configure the full
version of reporting services which i do not have. The things that I have managed to gleam and try are:
- open up security on dir: C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportServer to everyone and allow all access - added my own username as a new role assigment in the report manager page - added my own username to the reportserveruser and reportingserviceswebservicesuser roles, as indicated by microft:
http://msdn2.microsoft.com/en-us/library/ms365166.aspx, who state that "Custom authentication extensions and custom role assignments are not supported. You
must map existing Windows domain user and group accounts to predefined role definitions."
Can anyone suggest where to look next as I cannot believe that this should be this difficult?
Hi, I've scoured the forums and tried just about every answer to this problem without any success. What I have is SQL Server 2005 installed on a single machine, and trying to deploy reports to the same machine for testing purposes. When I try to deploy the report I receive the permissions error. Here's what I've gotten to at this point:
I can get to the reports URL (http://machine/Reports)
I can login to Reporting Services via SQL Server Management Studio as the administrator. (Windows Authentication)
I have added my login to the Home Folder-->Permissions in SQL Server Management Studio, and all reports are set to inherit the home folder's permissions
In Reporting Service Configuration Manager the Windows Service Identity is set to Local System, and for web service identity - ASP.NET Service Account is set to NT AuthorityNetworkService; Report Server and Report Manager are set to DefaultAppPool.
In IIS I tried enabling Anonymous Authentication
Current Application pools are set to "Classic" for Managed Pipeline mode (I did this to actually be able to login to Reporting Services via SQL Server management studio; having this set to integrated gives me an error) What gets me is that this is entirely self-contained on one machine, that I set up as an administrator. So why do I get a permissions error when I am the admin on this machine deploying to this machine?
i finally got SSRS(SQL Server Reporting Services) to install properly and and it was working before i had to restart my PC after restarting my PC i went back to the Domain/Reports$SQLExpress and the menus where Blank it just showed the help link and the border. so i opened the Domain/ReportServer$SQLExpress and it said
The permissions granted to user 'DOMAINOwner' are insufficient for performing this operation.(rsAccessDenied) Get Online Help and there is no Login Box Popping up How do i get it to Login - Its set to use Windows Authentication what sould i doo please help ive had one problem after another with this SSRS
I have a situation that I have discovered in our QA database that I need to resolve. When I looked at the Activity Monitor for our server, I discovered that a process is running under a domain user account for one of our .Net applications. The problem is that that domain user account has not been created as a SQL login account on the server. I am trying to figure out how someone can log in to the database server with a domain user account that has not been added to SQL Server as a login account.
Does anyone have any insight on this? I don't like the idea of someone being able to create domain account that can access the database without me granting them specific access.
after moving off VS debugger and into management studio to exercise our SQLCLR sp, we notice that the 2nd execution gets an error suggesting that our static SqlCommand object is getting reused from the 1st execution (of the sp under mgt studio). If this is expected behavior, we have no problem limiting our statics to only completely reusable objects but would first like to know if this is expected? Is the fact that debugger doesnt show this behavior also expected?
Hi I am slowly getting to grips with SQL Server. As a part of this, I have been attempting to work on producing more efficient queries. This post is regarding what appears to be a discrepancy between the SQL Server execution plan and the actual time taken by a query to run. My brief is to produce an attendance system for an education establishment (I presume you know I'm not an A-Level student completing a project :p ). Circa 1.5m rows per annum, testing with ~3m rows currently. College_Year could strictly be inferred from the AttDateTime however it is included as a field because it a part of just about every PK this table is ever likely to be linked to. Indexes are not fully optimised yet. Table:CREATE TABLE [dbo].[AttendanceDets] ([College_Year] [smallint] NOT NULL ,[Group_Code] [char] (12) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,[Student_ID] [char] (8) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,[Session_Date] [datetime] NOT NULL ,[Start_Time] [datetime] NOT NULL ,[Att_Code] [char] (1) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ) ON [PRIMARY]GO CREATE CLUSTERED INDEX [IX_AltPK_Clust_AttendanceDets] ON [dbo].[AttendanceDets]([College_Year], [Group_Code], [Student_ID], [Session_Date], [Att_Code]) ON [PRIMARY]GO CREATE INDEX [All] ON [dbo].[AttendanceDets]([College_Year], [Group_Code], [Student_ID], [Session_Date], [Start_Time], [Att_Code]) ON [PRIMARY]GO CREATE INDEX [IX_AttendanceDets] ON [dbo].[AttendanceDets]([Att_Code]) ON [PRIMARY]GOALL inserts are via an overnight sproc - data comes from a third party system. Group_Code is 12 chars (no more no less), student_ID 8 chars (no more no less). I have created a simple sproc. I am using this as a benchmark against which I am testing my options. I appreciate that this sproc is an inefficient jack of all trades - it has been designed as such so I can compare its performance to more specific sprocs and possibly some dynamic SQL. Sproc:CREATE PROCEDURE [dbo].[CAMsp_Att] @College_Year AS SmallInt,@Student_ID AS VarChar(8) = '________', @Group_Code AS VarChar(12) = '____________', @Start_Date AS DateTime = '1950/01/01', @End_Date as DateTime = '2020/01/01', @Att_Code AS VarChar(1) = '_' AS IF @Start_Date = '1950/01/01'SET @Start_Date = CAST(CAST(@College_Year AS Char(4)) + '/08/31' AS DateTime) IF @End_Date = '2020/01/01'SET @End_Date = CAST(CAST(@College_Year +1 AS Char(4)) + '/07/31' AS DateTime) SELECT College_Year, Group_Code, Student_ID, Session_Date, Start_Time, Att_Code FROM dbo.AttendanceDets WHERE College_Year = @College_YearAND Group_Code LIKE @Group_CodeAND Student_ID LIKE @Student_IDAND Session_Date <= @End_DateAND Session_Date >=@Start_DateAND Att_Code LIKE @Att_CodeGOMy confusion lies with running the below script with Show Execution Plan:--SET SHOWPLAN_TEXT ON--Go DECLARE @Time as DateTime Set @Time = GetDate() select College_Year, group_code, Student_ID, Session_Date, Start_Time, Att_Code from attendanceDetswhere College_Year = 2005 AND group_code LIKE '____________' AND Student_ID LIKE '________'AND Session_Date <= '2005-11-16' AND Session_Date >= '2005-11-16' AND Att_Code LIKE '_' Print 'First query took: ' + CAST(DATEDIFF(ms, @Time, GETDATE()) AS VarCHar(5)) + ' milli-Seconds' Set @Time = GetDate() EXEC CAMsp_Att @College_Year = 2005, @Start_Date = '2005-11-16', @End_Date = '2005-11-16' Print 'Second query took: ' + CAST(DATEDIFF(ms, @Time, GETDATE()) AS VarCHar(5)) + ' milli-Seconds'GO --SET SHOWPLAN_TEXT OFF--GOThe execution plan for the first query appears miles more costly than the sproc yet it is effectively the same query with no parameters. However, my understanding is the cached plan substitutes literals for parameters anyway. In any case - the first query cost is listed as 99.52% of the batch, the sproc 0.48% (comparing the IO, cpu costs etc support this). BUT the text output is:(10639 row(s) affected) First query took: 596 milli-Seconds (10639 row(s) affected) Second query took: 2856 milli-SecondsI appreciate that logical and physical performance are not one and the same but can why is there such a huge discrepancy between the two? They are tested on a dedicated test server, and repeated running and switching the order of the queries elicits the same results. Sample data can be provided if requested but I assumed it would not shed much light. BTW - I know that additional indexes can bring the plans and execution time closer together - my question is more about the concept. If you've made it this far - many thanks.If you can enlighten me - infinite thanks.
Here's my case, I have written a stored procedure which will perform the following: 1. Grab data from a table using cursor, 2. Process data, 3. Write the result into another table
If I execute the stored procedure directly (thru VS.NET, or Query Analyser), it will run, but when I tried to execute it via a scheduled job, it fails.
I used the same record, same parameters, and the same statements to call the stored procedure.
The benefit of the actual execution plan is that you can see the actual number of rows passing through each step - compared to the estimated number of rows.But what about the "cost percentages" ?I believe I've read somewhere that these percentages is still just an estimate and is not based on the real execution.Does anyone know this and preferable have a link to something that documents it?Thanks
Hello everyone I need some advice regarding security My security officier wants me to disable the sa account on all my SQL Servers. NT Security for the sysadmin role is already setup for all my servers for the group "Domain DBAs"
Could someone give the pros and cons. this Person wants the ability tho activate the sa account at will. (he comes from the AS400 Mind frame)
Second question are there any good books or courses that talk about securing SQL Server 7.0, 2000, etc.
I have taken over a NT 4 and SQL Server 7 system that has a NT account called SA. No one seems to know what it is for. I thought that the SA account was only a SQL login. has anyone seen this? Thanks
Scenario: My client has 4 sql boxes with applications connecting to them via various methods (ado, odbc, etc.). Some of the applications have the SA login and pwd hard coded. Too many users have the SA pwd so they want to change the pwd without affecting the applications. Well, they haven't heard of Source Safe until I got here and the projects for the applications are nowhere to be found. They don't want to hear about rewriting the applications.
Suggestions: I'm wondering if I can create an account with the same priviledges of SA and modify the SA account. I'm not sure what's possible at this point because they have taken away most of my options.
If anyone has any suggestions, I would appreciate it.
This is my first time to install the SQL 2005 on my VPC for testing purpose, I don't recall that I did configure the sa account during the instalation. Is their is any way after the installation to configure the sa account with a password? Please advice
Can I roll back certain query(insert/update) execution in one page if query (insert/update) in other page execution fails in asp.net.( I am using sqlserver 2000 as back end) scenario In a webpage1, I have insert query into master table and Page2 I have insert query to store data in sub table. I need to rollback the insert command execution for sub table ,if insert command to master table in web page1 is failed. (Query in webpage2 executes first, then only the query in webpage1) Can I use System. Transaction to solve this? Thanks in advance