After Installing and Configuring Enterprise Vault (EV) Reports for version 8.0, cannot access Site Settings - Security (rsaccessdenied)

Article:TECH67050  |  Created: 2009-01-23  |  Updated: 2014-10-09  |  Article URL http://www.symantec.com/docs/TECH67050
Article Type
Technical Solution


Issue



The configuration process will setup the Reporting user and deploy the EV Reports.  
In EV 8.0, EV Roles-Based Authentication (RBA) is used for EV Reporting and SQL Server Reporting Services (SSRS) RBA is not supported.  
The access to settings related to SSRS security and management has been denied as part of the EV Reports functionality.

In order to implement the EV RBA security, the configuration process also makes changes to the rsreportserver.config configuration file for the SRSS instance.


Error



The permissions granted to user '\' are insufficient for performing this operation (rsAccessDenied)


Cause



The values under the security value of the config are changed:

Before:

 <Security>
  <Extension Name="Windows" Type="Microsoft.ReportingServices.Authorization.WindowsAuthorization, Microsoft.ReportingServices.Authorization" />
 </Security>
 <Authentication>
  <Extension Name="Windows" Type="Microsoft.ReportingServices.Authentication.WindowsAuthentication, Microsoft.ReportingServices.Authorization" />

After:

 <Security>
  <Extension Name="Windows" Type="Symantec.EnterpriseVault.Reports.SecurityExtension.Authorization,EVSecurityExtension" />
 </Security>
 <Authentication>
  <Extension Name="Windows" Type="Symantec.EnterpriseVault.Reports.SecurityExtension.Authentication,EVSecurityExtension" />

This issue results from how RBA has been implemented in Enterprise Vault 8.0. However there are a few workarounds available:

Workaround 1:

This workaround sets the security configuration back to pre-Enterprise Vault 8.0 functionality.
A. Open the rsreportserver.config for the current SSRS instance (drive: Program Files > Microsoft SQL Server > MSRS10.MSSQLSERVER > Reporting Services > Report Server)

 

     Note: the MRS10.MSSQLSERVER portion of the path may vary somewhat depending on version.
B. Locate and change the following values for the Authorization and Authentication Security Extensions:

   1.
  <Extension Name="Windows" Type="Symantec.EnterpriseVault.Reports.SecurityExtension.Authorization,EVSecurityExtension" />

Back to:

  <Extension Name="Windows" Type="Microsoft.ReportingServices.Authorization.WindowsAuthorization, Microsoft.ReportingServices.Authorization" />

   2.
  <Extension Name="Windows" Type="Symantec.EnterpriseVault.Reports.SecurityExtension.Authentication,EVSecurityExtension" />

Back to:

  <Extension Name="Windows" Type="Microsoft.ReportingServices.Authentication.WindowsAuthentication, Microsoft.ReportingServices.Authorization" />


Note:
   a. This workaround will stop the EV RBA integration with SSRS and default EV Reporting to use SSRS RBA.  Perform an IIS reset in order for the changes to take effect.
   b. In addition to the above, it has been observed in some environments that opening the Reports web page may take minutes to initially open when using EV RBA integration.

Workaround 2:

A dedicated Sql Reporting server can be set up for EV reporting.

Solution



Symantec Corporation has acknowledged that the above-mentioned issue is present in the version(s) of the product(s) referenced in this article. 

There are currently no plans to address this issue by way of a cumulative hotfix or service pack in the current or previous versions of the software at the present time. This issue may be resolved in a future major revision of the software at a later time, but is not scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Symantec Sales representative or the Symantec Sales group to discuss these concerns.  For information on how to contact Symantec Sales, please see http://www.symantec.com.

Supplemental Materials

SourceETrack
Value1513235
Description

EV 8 - After deploying EV reporting on SRSS server can no longer make global security changes in Site Settings



Legacy ID



317967


Article URL http://www.symantec.com/docs/TECH67050


Terms of use for this information are found in Legal Notices