Found in version 12.1.5 and still found in 12.1.6.
If you find this error in the reporting log found at:
<...>\Symantec Endpoint Protection Manager\apache\logs\reporting.log
If the reporting.log contains many logs like:
ERROR:Cannot apply permission checks to: select sum(a.noofviruses) as anzahl, ha.whitelist_reason from alerts a with (nolock), hpp_application hp, hpp_alerts ha , v_virus v where a.hpp_app_idx = hp.app_idx and a.virusname_idx= v.virusname_idx and ha.idx=a.idx and v.type = 18 and a.source != 'heuristic scan' and a.servergroup_idx in (<cut by Ron>) and a.computer_idx in (select i.computer_id from v_sem_computer as i with (nolock) where i.deleted = 0) and a.mother_idx = '' and a.deleted = 0 and (convert (varchar, a.alertinserttime, 120) >='2015-01-23 14:36:00' and convert (varchar, a.alertinserttime, 120) <='2015-01-23 15:36:00') group by ha.whitelist_reason , there must be a v_agent_incl_group_id join
Solution:
FInd file <...>\Symantec Endpoint Protection Manager\Php\Include\Dashboard\DashboardQueries.php
and change line 163 (12.1.5) or 177 (12.1.6) reading:
INNER JOIN virus as V ON A.virusname_idx = V.virusname_idx INNER JOIN SEM_AGENT SA ON SA.COMPUTER_ID=A.COMPUTER_IDX
into:
INNER JOIN virus as V ON A.virusname_idx = V.virusname_idx INNER JOIN V_AGENT_INCL_GROUP_ID as SA with (NOLOCK) ON SA.Computer_ID = A.Computer_IDX
In other words: replace table "SEM_AGENT" with view "V_AGENT_INCL_GROUP_ID".