Issue and Background
When you try to view an SSRS report from a SharePoint library, you see the following error message:
The permissions granted to user '[DOMAIN NAME]\[USER NAME] are insufficient for performing this operation. (rsAccessDenied)
If you review the IIS Log you will see the user requesting the report is registered as [Domain Name]\[User Name] while SharPoint is configured with just the [User Name], and the [Domain Name] is not explicitly included.
For example, a customer registers the Service Account for a Web Application without the domain name. However the actual Application Pool identity in InetMgr was registered with the domain name. Currently, the SharePoint object model does not always store the Service Account name in a form that is a character for character match with the actual Application pool identity. Therefore, when the report server is comparing the two tokens, they do not match and the result is the Access Denied exception, being seen by the customer .
Work Around
Update the registration of the service account for the web application to include the domain name as well as the user name. SharePoint
2010 products (draft)
Open SharePoint Central Administration.
In the
Security
section, click Configure Service Accounts.
MOSS 2007 and WSS 3.0 (draft)
-
- Open SharePoint Central Administration.
- In the Operations section click Service Accounts.
- Choose the Web Application Pool as "Windows SharePoint Services Web
Application
Choose any of the application pool
In the Configurable User Name we saw customer has a domain user name where he
did not specify domain name. Eg: redmond\lakshmij, instead we saw just Lakshmj as
the username.
Applies to
- SQL Server 2008 R2 Reporting Services
- SQL Server 2008 Reporting Services
- SQL Server 2005 Reporting Services
- Microsoft Office SharePoint Server (MOSS) 2007
- Windows SharePoint Services 3.0