Hi,
I have an application that attempts to create a subscription through the
Reporting Services API. I'm currently getting an error that states the
"'System.Web.Services.Protocols.SoapException: A subscription delivery error
has occurred. --> A subscription delivery error has occurred. --> The value
of parameter ''extensionSettings'' is not valid. Check the documentation for
information about valid values. --> The account you are using does not have
administrator privileges. A subscription cannot be created for
testuser@.company.com"
I did a bit more poking around and found that if I added TestUser, the
currently logged in account, to the administrator group of the machine that
has the Reporting Services webserver, I no longer had this problem and I was
able to create the subscription through the API. My domain users are all set
to Browsers through the Report Manager web interface, but I doubt this
matters since it is separate from the API.
I'm devising a work around for this problem now that doesn't use the default
credentials for the Reporting Service web service, but uses credentials of a
user who is an administrator of that machine. I believe this will work, but
I was wondering how else I might give users the privelege of creating
subscriptions without being administrators of the machine. Also, what other
methods (i.e. delete subscription) are priveleged to only administrators of
the machine?
Thanks, JoelTurns out they just can't create subscriptions for anybody else but
themselves.
Bugger! And I built a great little address book tool too!
-Joel
"Joel Rumerman" <JRumerman@.prometheuslabs.com> wrote in message
news:e$OO684xEHA.2876@.TK2MSFTNGP12.phx.gbl...
> Hi,
> I have an application that attempts to create a subscription through the
> Reporting Services API. I'm currently getting an error that states the
> "'System.Web.Services.Protocols.SoapException: A subscription delivery
> error has occurred. --> A subscription delivery error has occurred. -->
> The value of parameter ''extensionSettings'' is not valid. Check the
> documentation for information about valid values. --> The account you are
> using does not have administrator privileges. A subscription cannot be
> created for testuser@.company.com"
> I did a bit more poking around and found that if I added TestUser, the
> currently logged in account, to the administrator group of the machine
> that has the Reporting Services webserver, I no longer had this problem
> and I was able to create the subscription through the API. My domain users
> are all set to Browsers through the Report Manager web interface, but I
> doubt this matters since it is separate from the API.
> I'm devising a work around for this problem now that doesn't use the
> default credentials for the Reporting Service web service, but uses
> credentials of a user who is an administrator of that machine. I believe
> this will work, but I was wondering how else I might give users the
> privelege of creating subscriptions without being administrators of the
> machine. Also, what other methods (i.e. delete subscription) are
> priveleged to only administrators of the machine?
> Thanks, Joel
>|||Hi Joel,
I am looking into this issue and will update you as soon as possible when I
find any valueable things to add.
Thank you for your patience and corporation. If you have any questions or
concerns, don't hesitate to let me know. We are always here to be of
assistance!
Sincerely yours,
Michael Cheng
Online Partner Support Specialist
Partner Support Group
Microsoft Global Technical Support Center
---
Get Secure! - http://www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!|||All,
Following a lead, I checked the output of a GetPermissions call and this is
what I, an adminstrator of the webserver and a content manager Reporting
Services received for output.
Create Folder
Delete
Read Properties
Update Properties
Create Report
Create Resource
Create data source
Read Security Policies
Update Security Policies
The example in RS BOL states that I should see more permissions :
Delete
Execute and View
Read Properties
Update Properties
Update Parameters
Read Data Sources
Update Data Sources
Read Report Definition
Update Report Definition
Create Subscription
Delete Subscription
Read Subscription
Delete Report History
Update Subscription
Create Any Subscription
Delete Any Subscription
Read Any Subscription
Read Security Policies
Update Security Policies
Update Any Subscription
Read Policy
Update Policy
List Report History
Create Report History
Execute
Create Link
I ran it again with a user that had Browser permissions only and who wasn't
an administrator and it returned
Read Properties
My main concern is where are the
Create Subscription
Delete Subscription
Read Subscription
permissions'? If only for me, but also for TestUser.
Thx, Joel
""Michael Cheng [MSFT]"" <v-mingqc@.online.microsoft.com> wrote in message
news:puNmpb$xEHA.3956@.cpmsftngxa10.phx.gbl...
> Hi Joel,
> I am looking into this issue and will update you as soon as possible when
> I
> find any valueable things to add.
>
> Thank you for your patience and corporation. If you have any questions or
> concerns, don't hesitate to let me know. We are always here to be of
> assistance!
>
> Sincerely yours,
> Michael Cheng
> Online Partner Support Specialist
> Partner Support Group
> Microsoft Global Technical Support Center
> ---
> Get Secure! - http://www.microsoft.com/security
> This posting is provided "as is" with no warranties and confers no rights.
> Please reply to newsgroups only, many thanks!
>|||So it turns out that I had my path set to the root directory in the sample
application
Dim permissions As [String]() = rs.GetPermissions("/")
If change it to point directly to a report I get back the expected
permissions.
Dim permissions As [String]() = rs.GetPermissions("/Billing/Billing Group
Activity Detail")
Joel
"Joel Rumerman" <JRumerman@.prometheuslabs.com> wrote in message
news:eq0fb2AyEHA.3120@.TK2MSFTNGP12.phx.gbl...
> All,
> Following a lead, I checked the output of a GetPermissions call and this
> is what I, an adminstrator of the webserver and a content manager
> Reporting Services received for output.
> Create Folder
> Delete
> Read Properties
> Update Properties
> Create Report
> Create Resource
> Create data source
> Read Security Policies
> Update Security Policies
> The example in RS BOL states that I should see more permissions :
> Delete
> Execute and View
> Read Properties
> Update Properties
> Update Parameters
> Read Data Sources
> Update Data Sources
> Read Report Definition
> Update Report Definition
> Create Subscription
> Delete Subscription
> Read Subscription
> Delete Report History
> Update Subscription
> Create Any Subscription
> Delete Any Subscription
> Read Any Subscription
> Read Security Policies
> Update Security Policies
> Update Any Subscription
> Read Policy
> Update Policy
> List Report History
> Create Report History
> Execute
> Create Link
> I ran it again with a user that had Browser permissions only and who
> wasn't an administrator and it returned
> Read Properties
> My main concern is where are the
> Create Subscription
> Delete Subscription
> Read Subscription
>
> permissions'? If only for me, but also for TestUser.
> Thx, Joel
>
> ""Michael Cheng [MSFT]"" <v-mingqc@.online.microsoft.com> wrote in message
> news:puNmpb$xEHA.3956@.cpmsftngxa10.phx.gbl...
>> Hi Joel,
>> I am looking into this issue and will update you as soon as possible when
>> I
>> find any valueable things to add.
>>
>> Thank you for your patience and corporation. If you have any questions or
>> concerns, don't hesitate to let me know. We are always here to be of
>> assistance!
>>
>> Sincerely yours,
>> Michael Cheng
>> Online Partner Support Specialist
>> Partner Support Group
>> Microsoft Global Technical Support Center
>> ---
>> Get Secure! - http://www.microsoft.com/security
>> This posting is provided "as is" with no warranties and confers no
>> rights.
>> Please reply to newsgroups only, many thanks!
>|||For all to learn from ...
The permissions on subscriptions don't make sense. It seems the user is
blocked from creating a subscription for anybody only at the Report Manager
web site level, not at the API level if SendEmailToUserAlias=False. This is
evident by the CC and BCC text boxes not being visible when the user is not
an administrator of the machine RS is running on, and by RS NOT throwing an
error when the CC and BCC fields are used in the extensionParameters array
through the API call to CreateSubscription. However, the comments field is
not allowed through an API call or shown on the website and throws an error
if its use is attempted. It seems MSFT has implemented most security only at
the presentation tier (the web site), not the middle-tier. (However,
documentation on the all of the security is lacking.)
Thx, Joel
"Joel Rumerman" <JRumerman@.prometheuslabs.com> wrote in message
news:eZRrC7AyEHA.2348@.TK2MSFTNGP12.phx.gbl...
> So it turns out that I had my path set to the root directory in the sample
> application
> Dim permissions As [String]() = rs.GetPermissions("/")
> If change it to point directly to a report I get back the expected
> permissions.
> Dim permissions As [String]() = rs.GetPermissions("/Billing/Billing Group
> Activity Detail")
> Joel
> "Joel Rumerman" <JRumerman@.prometheuslabs.com> wrote in message
> news:eq0fb2AyEHA.3120@.TK2MSFTNGP12.phx.gbl...
>> All,
>> Following a lead, I checked the output of a GetPermissions call and this
>> is what I, an adminstrator of the webserver and a content manager
>> Reporting Services received for output.
>> Create Folder
>> Delete
>> Read Properties
>> Update Properties
>> Create Report
>> Create Resource
>> Create data source
>> Read Security Policies
>> Update Security Policies
>> The example in RS BOL states that I should see more permissions :
>> Delete
>> Execute and View
>> Read Properties
>> Update Properties
>> Update Parameters
>> Read Data Sources
>> Update Data Sources
>> Read Report Definition
>> Update Report Definition
>> Create Subscription
>> Delete Subscription
>> Read Subscription
>> Delete Report History
>> Update Subscription
>> Create Any Subscription
>> Delete Any Subscription
>> Read Any Subscription
>> Read Security Policies
>> Update Security Policies
>> Update Any Subscription
>> Read Policy
>> Update Policy
>> List Report History
>> Create Report History
>> Execute
>> Create Link
>> I ran it again with a user that had Browser permissions only and who
>> wasn't an administrator and it returned
>> Read Properties
>> My main concern is where are the
>> Create Subscription
>> Delete Subscription
>> Read Subscription
>>
>> permissions'? If only for me, but also for TestUser.
>> Thx, Joel
>>
>> ""Michael Cheng [MSFT]"" <v-mingqc@.online.microsoft.com> wrote in message
>> news:puNmpb$xEHA.3956@.cpmsftngxa10.phx.gbl...
>> Hi Joel,
>> I am looking into this issue and will update you as soon as possible
>> when I
>> find any valueable things to add.
>>
>> Thank you for your patience and corporation. If you have any questions
>> or
>> concerns, don't hesitate to let me know. We are always here to be of
>> assistance!
>>
>> Sincerely yours,
>> Michael Cheng
>> Online Partner Support Specialist
>> Partner Support Group
>> Microsoft Global Technical Support Center
>> ---
>> Get Secure! - http://www.microsoft.com/security
>> This posting is provided "as is" with no warranties and confers no
>> rights.
>> Please reply to newsgroups only, many thanks!
>>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment