tags:

views:

322

answers:

3
+1  Q: 

PerformancePoint dashboard permissions problem in MOSS

I have a PerformancePoint dashboard running in MOSS 2007 portal. The dashboard consists of one SSRS 2005 report, running in SharePoint Integrated mode.

NT Authority\Authenticated Users have read permissions to the report library containing the SSRS report, the dashboard, and the report library containing the dashboard.

Users that attempt to access the dashboard receive the following error message:

The permissions granted to user 'DOMAIN\firstname.lastname' are insufficient for performing this operation. (rsAccessDenied)

Users that then click on the direct link to the report in MOSS will see the report with no problem. Subsequent visits to the dashboard show the report with no problem.

The report is using a data source that is located one folder up from the report location. The report has been updated to point to the correct shared data source after deployment. Both the report and the data source have been published. The data source is using stored credentials, with a domain service account that has been set to Use as Windows credentials. This service account is serving other reports in other areas with no problem.

Edit:
Ok, I've gotten a lot more information on this problem. The request is never actually being made to the data source. The user comes in to the dashboard and requests a report for the first time using their kerberos token identifying themselves. The report looks in the Report Server database and finds that they are not listed in the users table and generates this rsAccessDenied error. Once they view the report directly their name is in this table and they never have the problem again.

Unfortunately, removing the user from the Users table in the RS database doesn't actually cause this error to happen again.

Everything I've read says that when you run a Report Server in MOSS integrated mode all your permissions are handled at the MOSS report library level, and all Auth users have permissions to the report library, as stated earlier. Any ideas?

+1  A: 

It sounds like the dashboard page is not passing credentials to the report server. Because you stated if the user hits the report directly it works and then if they go through the dashboard it works. So does it stop working after a certain period, indicating a cached session?

I would look carefully at the properties on the dashboard in performance point to see if it is passing credentials or trying to use anonymous. I hope this isn't a case of double hop and Kerberos :(

Brian Bedard  2010-03-01 20:48:08
It never "stops working" - it never works the very first time the user tries it, but always works after the user accesses the report directly.
Nathan DeWitt  2010-03-01 21:02:16
A: 

I implemented a work-around:

  • created a fake report
  • on the page with my report, created a content editor web part consisting of the following: <iframe style="display:none;" src="https://link/to/my/report.rdl"&gt;&lt;/iframe&gt;
  • I tested with another user that was experiencing the error, and they are no longer experiencing the error with my new and improved page.

I know this is a kludgy, and might even be dependent on the loading order of the page. Therefore, I would really like to find out what's causing this issue so I can fix it for good.

Edit:
I don't want to accept my own answer, since it's just a work-around. If anyone can post anything relevant to the user name placed into the Report Server DB and how that relates to SharePoint Integrated mode, you'll get the bounty.

Nathan DeWitt  2010-04-23 19:50:36
A: 

Hi Nathan,

I'm not sure if this is actually the same issue, but you could double check that the data sources are set to "Approved", not "Pending". It's a stretch, but it's worth a shot.

Chaulky  2010-04-23 21:23:09
data sources are Approved and Published.
Nathan DeWitt  2010-04-24 14:18:04

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?