I have some reports which are hosted on a SQL Server 2008R2 machine. I can browse my reports at any time. This is because I have the administrator privilege on this machine and all my authentication are in place.
Recently I had to give browse permisions on reports to some domain users. The task is quite easy if you follow the right steps to do it.
First I shared the URL of the reports which was in the format of http://servername/Reports/ with the domain users. When the domain users tried to navigate the reports they got the error that
The permissions granted to user 'domain\username' are insufficient for performing this operation.
In order to solve this issue, I performed the following steps which resovle the issue and the domain users were able to browse the reports on their machine with their own domain credentials.
Step 1: The first thing I checked was Reporting Services Configuration Manager settings. I found that the Service Account was set to Local System. I changed it to Network Service.
Step 2: The second step I did was to check the Local groups . I right click on My Computers->Manage. In the Computer Management window I selected Local Users and Groups and under Groups I find the group I was looking after i.e. SQLServerReportServerUsers$machineName$MSRS10_50.MSSQLSERVER. I double click it and added the domain users in the SQL Server Report Server group.
Step 3: I open the SQL Server Report servcies path(http://servername/reports/) in browser and click on the report folders. I selected the Folder Settings.
From the left frame I selected the Security and clicked on New Role Asignment
I assigned the domain\user the Browser role
…and clicked on OK.
I did the same steps to grant permission on my Data Sources folder.
I thought I am done. I asked the domain users to view the reports now. They did and they got a new error message:
…I realized that I forget to add the domain users in the SQL Server Logins groups as the reports I have are using SQL Server databases and my SQL Server is setup with windows Authentication. I quickly jump to the SSMS and created the logins and grant appropriate permissions to the domain users.
This worked and all my domain users were able to see the reports with their own windows credentials.