Share via

SharePoint Report Viewer Web Part Permissions granted to user 'NT AUTHORITY\IUSR' are insufficient

Paul Anderson 1 Reputation point
2022-04-05T10:36:45.12+00:00

I have a SharePoint 2019 and SQL Server 2019 installation on the same box and I am running through various steps to configure Reporting Services for SharePoint 2019.

When I add the Report Viewer Web Part to a Web Part Page I see the following error:

The permissions granted to user 'NT AUTHORITY\IUSR' are insufficient for performing this operation. (rsAccessDenied)

190172-image.png

Setup

I have a viewable report in my SQL Server Reporting Services portal from my two accounts paddmin and sp_test:
http://sp2019app01/Reports/report/Reports/NoDataSourceReport

I have installed the Report Viewer Web Part in SharePoint 2019.
https://learn.microsoft.com/en-us/sql/reporting-services/report-server-sharepoint/deploy-report-viewer-web-part?view=sql-server-ver15

I can view the report from two of my accounts - paadmin and sp_test in SQL Server Reporting Services
http://sp2019app01/Reports/report/NoDataSourceReport

190192-image.png

Servers

Everything runs on a single machine - SharePoint 2019, SQL Server 2019, SSRS on SP2019APP01. The machine runs Windows Server 2019 and IS NOT a domain-joined server.

Accounts

paadmin is part of the BUILTIN\Administrators group.
sp_test is a local user who has been granted permission on the root folder in SSRS.

Other local administrator accounts are:

sp_farm
sp_admin

SharePoint WebApp Configuration

190185-image.png

SSRS Configuration

190166-image.png

IIS App Pool Identities

These are as follows:

190201-image.png

SharePoint WebApplication Security Setup

The following security was configured in SharePoint 2019:

190098-image.png

ULS Logs of interest

   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Logging Correlation Data xmnv Medium Name=Request (GET:http://sp2019app01/SitePages/SuperTaskListReportsWebPartPage.aspx) 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Asp Runtime avwhz Medium SPRequestModule.BeginRequestHandler End, SP Build Version: '16.0.10383.20001' 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Claims Authentication bjkuz Medium Using input cookie name. CookieName: 'FedAuth'. 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Application Authentication bjvyg Medium SPApplicationAuthenticationModule: Clear outgoing token context from SpThreadContext 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Application Authentication bnksk Medium SPApplicationAuthenticationModule: Clear cross tenant token context from SpThreadContext 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Asp Runtime avwh6 Medium SPRequestModule.PostAuthenticateRequestHandler Begin 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Authentication Authorization agb9s Medium Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Runtime ajd6k Medium Value for isAnonymousAllowed is : False 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Runtime ajd6l Medium Value for checkAuthenticationCookie is : True 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Claims Authentication af32k Medium Claims Windows Sign-In: Sending 401 for request 'http://sp2019app01/SitePages/SuperTaskListReportsWebPartPage.aspx' because the user is not authenticated and resource requires authentication. 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation General b6p2 Medium Sending HTTP response 401 - text/plain:401 UNAUTHORIZED. 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Asp Runtime avwia Medium SPRequestModule.PostLogRequestHandler Begin 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Asp Runtime avwib Medium SPRequestModule.PostLogRequestHandler End 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Asp Runtime avwic Medium SPRequestModule.EndRequestHandler Begin 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Micro Trace uls4 Medium Micro Trace Tags: 0 avwhy,0 nasq,0 avwhz,0 bjkuz,0 bjvyg,0 bnksk,0 avwh6,0 agb9s,0 ajd6k,0 ajd6l,0 af32k,0 b6p2,0 avwia,0 avwib,0 avwic 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Runtime aoxsq Medium Sending HTTP response 302 for HTTP GET request 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Unified Audit bm7sm High SPRequestModule::CreatePageViewedAuditEntry: Required parameters not set properly,exiting creating PageViewed SPUnifiedAuditEntry 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Monitoring b4ly Medium Leaving Monitored Scope: (Request (GET:http://sp2019app01/SitePages/SuperTaskListReportsWebPartPage.aspx)) Execution Time=2.032; CPU Milliseconds=1; SQL Query Count=0; Parent=None 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Asp Runtime avwid Medium SPRequestModule.EndRequestHandler End 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation General b6p2 Medium Sending HTTP response 401 - text/plain:401 UNAUTHORIZED. 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Application Authentication arftr Medium SPApplicationAuthenticationModule.IsBearerChallengeRequested: Return 'False'. 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Claims Authentication crpqx Medium STS setting for SuppressModernAuthForOfficeClients:'True'. 12c330a0-6e66-c009-d10a-c035eb0bd1b9  
   04/05/2022 14:57:40.58 w3wp.exe (0x19D8) 0x25E0 SharePoint Foundation Application Authentication bjkut Medium IsClaimsTrustedAuthenticationOnly: 'False', IsOfficeClientIDCRLRequest: 'False', HasSPTrustedSecurityTokenIssuer: 'False', ForceIdcrlForOfficeClients: 'True'. 12c330a0-6e66-c009-d10a-c035eb0bd1b9

Updates

  1. I am trawling through related security documentation to verify I have this all set up correctly.
  2. The problem is viewing any report - even a report without a data source (i.e. just the title as text in the report)
  3. The Report Server Service Account was set to Virtual Service Account. This has now been changed to sp_admin - but since updating the same problem persists. 1: /api/attachments/190048-image.png?platform=QnA 3: /api/attachments/190185-image.png?platform=QnA
SQL Server Reporting Services
SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.
3,061 questions
Microsoft 365 and Office SharePoint Development
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. CaseyYang-MSFT 10,461 Reputation points
    2022-04-06T05:42:19.657+00:00

    Hi @Paul Anderson ,

    Here is a similar issue: How to fix Reporting Services permissions are insufficient for performing operation (rsAccessDenied).
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    You could follow these steps to troubleshooting this issue:

    1.Make sure you have access configured to the URL http://localhost/reports using the SQL Reporting Services Configuration.
    2.Start/ run Internet Explorer using Run as Administator.
    3.Go to: http://localhost/reports (you may have to login with your Computer's username and password).
    4.You should now be directed to the Home page of SQL Server Reporting Services here: http://localhost/Reports/Pages/Folder.aspx
    5.From the Home page, click the Properties tab, then click New Role Assignment.
    6.In the Group or user name textbox, add the 'domain\username' which was in the error message.
    7.Now check all the checkboxes; Browser, Content Manager, My Reports, Publisher, Report Builder, and then click OK.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.