Friday, January 20, 2012

AX 2012 SSRS Error: Error while setting server report parameters.

AX 2012 SSRS Error: "Error while setting server report parameters. Error message: The permissions granted to user '[DOMAIN\USERNAME]' are insufficient for performing this operation. (rsAccessDenied). The permissions granted to user '[DOMAIN\USERNAME]' are insufficient for performing this operation. (rsAccessDenied)"
Figure 1 - SSRS Permissions error
Replication of the error: Trying to run any SSRS report within AX

About the error: This is actually not AX specific.  It is with permissions on the SSRS site.  The user may need to be granted access to get to the SSRS reports or it could be an issue with a setting.

Resolution: Some things to check to resolve the issue

1. Navigate to the Report Manager url (http://SSRSREPORTSERVERNAME/Reports/Pages/Folder.aspx), go to the Folder Settings and click on 'New Role Assignment'. Add the appropriate user or group. Make sure they have access to 'Browser. Content Manager, and DynamicsAXBrowser'.
Figure 2 - Adding a role assignment to SSRS 
2. IIS: Check to make sure the Reports virtual directory is NOT set to allow anonymous access on the properties (VirtDir > Properties > Security).  The Visual Studio ReportsServer virtual directory defaults to deny anonymous access. 
3. Check Windows User Account Control (UAC) restrictions.
If this still doesn't fix things, you can reset all the changes by going to the virtual directory tab on the left hand side of the SQL Server Reporting services config, make sure the check box 'Apply default settings' is checked.  Then try tinkering around some more.

5 comments:

  1. This is really helpful and saved lot of my time

    ReplyDelete
  2. hi
    //IIS: Check to make sure the Reports virtual directory is NOT set to allow anonymous access on the properties (VirtDir > Properties > Security). The Visual Studio ReportsServer virtual directory defaults to deny anonymous access.

    i cant find any reports folder in iss

    ReplyDelete
  3. This is great, thanks! What UAC rights are needed? I've found that if a user is an administrator they can run reports. If any other group (users, power users, the 5 SQLServer groups, etc) they cannot run reports. I don't want to make all my users administrators though.

    ReplyDelete
    Replies
    1. Ryan, hopefully users other than admins can run reports. I can definitely see your hesitation to giving everyone access as admins in your environment. For some reason I have a vision of a a bunch of kids in a pinata themed birthday party at a china shop going wild... Call me crazy...

      I'm not entirely sure about UAC rights for very specific setup. Speaking conceptually, users should be able to access reports from an AX link or URL link/shortcut as only SSRS 'user' permissions (not power users, admins, etc). You should be able to lock them down quite sufficiently. I'd need more info to be able to help you further on this one.

      As a next step however, I would check your security as a whole first, starting with hardening the report server. Have you had a user in question try to run a very specific report (via just a URL) from within the SSRS machine not as an admin?

      Delete