Issue and Background

When you try to view an SSRS report from a SharePoint library, you see the following error message:

The permissions granted to user '[DOMAIN NAME]\[USER NAME] are insufficient for performing this operation. (rsAccessDenied)

 If you review the  IIS Log you will see the user requesting the report is registered as [Domain Name]\[User Name] while SharPoint is configured with just the [User Name], and the [Domain Name] is not explicitly included.

 
This mismatch in user identification, causes the failure as the report server does a string comparison between the it received and the one that is registered in Sharepoint. 

 For example, a  customer registers the Service Account for a Web Application without the domain name.  However the actual Application Pool identity in InetMgr was registered with the domain name. Currently, the SharePoint object model does not always store the Service Account name in a form that is a character for character match with the actual Application pool identity. Therefore, when the report server is comparing the two tokens, they do not match and the result is the Access Denied exception, being seen by the customer .


Work Around
Update the registration of the service account for the web application to include the domain name as well as the user name.  SharePoint 2010 products (draft)
Open SharePoint Central Administration.
In the Security section, click Configure Service Accounts.
MOSS 2007 and WSS 3.0 (draft) 

    1. Open SharePoint Central Administration.
    2. In the Operations section click Service Accounts.
    3. Choose the Web Application Pool as "Windows SharePoint Services Web
      Application
      Choose any of the application pool
      In the Configurable User Name we saw customer has a domain user name where he
      did not specify domain name. Eg: redmond\lakshmij, instead we saw just Lakshmj as
      the username.

Applies to 

     Integrated with

See Also

 

External Links