IDocumentQuery.Execute() method throws user does not have edit permissions exception

I'm trying to query a document folder for all of its containing documents. Its a basic query like this:
IPortletContext PortletContext = PortletContextFactory.CreatePortletContext(Request,Response);IRemoteSession PTSession;PTSession = PortletContext.GetRemotePortalSession();IDocumentManager documentManager = PTSession.GetDocumentManager();
IDocumentQuery documentQuery = documentManager.CreateQuery(FolderID); documentQuery.SetSortProperty(ObjectProperty.Name);IObjectQuery queryResults = documentQuery.Execute();
When I'm logged into the portal as an administrator, everything works fine. However if I'm logged in as a "regular" user, I get this exception when calling the Execute() method:
Plumtree.Remote.PRC.PortalException: Exception of type Plumtree.Remote.PRC.PortalException was thrown. ---> System.Web.Services.Protocols.SoapException: Server was unable to process request. --> Access denied: Current user does not have edit permission
I'm sending the Login Token to the portlet. Now I've tried giving the user Edit rights on the document folder as well as Edit the Knowledge Directory rights in the Activity Manager, but neither gets rid of the exception. I'm not sure what other "Edit" permissions to check. I don't even see why the user would need "Edit" permission to anything in the first place since the Execute() method simply returns an IObjectQuery that doesn't have any ability to make changes to any objects. I know that I could use the SearchFactory interface, but I wanted the results to be real time. Any help would be much appreciated. Thanks!
Jimmy

The problem here is that the query is created with default settings to show unapproved documents -- only users with edit access can see unapproved documents. Add the bold line to your code and it will work.
IDocumentManager docManager = prcSession.GetDocumentManager();IDocumentQuery docQuery = docManager.CreateQuery(iFolderID);docQuery.SetShowUnapproved(false);IObjectQuery queryResults = docQuery.Execute()

Similar Messages

Cannot delegate Reporting Services Web access to domain user / group, User does not have required permissions

Hi
I have an SCCM 2012 SP1 CU3 installation on a Server 2008 R2 + SQL 2008 R2.
I'm having trouble delegating Reporting Services Web Access to a standard domain user.
I have followed the instructions from these blogs:
http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/
http://www.wolffhaven45.com/blog/sccm/assigning-users-to-configmgr-reportusers-group-in-sccm-2012/
No matter how I try, I cannot get the reports to show for a standard domain user. In the console no reports are showing and in the web access I get
"User domain\user does not have required permissions........"
The only thing that is consistenly working when I test is to put the AD Group on the Security Role "Full Administrator".
Then everything will show up.
Any ideas on how to troubleshoot this?

Thanks everyone for helping me with tips. I have now solved the problem. It was the permissions from SCCM that did not replicate to the Reporting Server.
In srsrp.log I got these error messages:
Could not retrieve the reporting service name for instance 'MSSQLSERVER'
Invalid class
Could not stop the reporting serviceAfter googling a litte I found these 2 sites with similiar problems:http://social.technet.microsoft.com/Forums/en-US/d4a7f93a-506f-4e3f-b5fc-bd2b087277da/ssrs-permissions-do-not-add?forum=configmanagergeneral
http://www.microtom.net/microsoft-system-center/software-distribution/sccm-2012-reporting-services-do-not-install
So I ran the command for SQL 2008 R2: mofcomp.exe C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof
and BAAM, everything started to work =)
/ALX

Forms Authentication Error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed

I created a custom security extension following the steps listed in the Readme_Security Extension Sample. It works fine if I login as the user that is specified AdminConfiguration section of the rsreportserver.config file but if I
log in as another user, I get this error: User '' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed. I've added the user to both System Administrator
and System User roles to try to get it to work but still no luck.
Does anyone know how to fix this?
Thanks.

Hi MetronM,
The issue is due to that user have no permission to access the report server. In report manager, Reporting Services includes predefined roles that we can assign to users and groups to provide immediate access to a report server. Each role defines a collection
of related tasks.
You can refer to the following steps to assign corresponding role to the user.
Open report manager.
Click “Folder Setting” button.
Click “New Role Assignment” icon.
Type the user name and select the corresponding role.
There is an article about Granting Permissions on a Native Mode Report Server, you can refer to it.
http://technet.microsoft.com/en-us/library/ms156014.aspx
Regards,
Alisa Tang
Alisa Tang
TechNet Community Support

User does not have sufficient permission(failed to execute submit operation)

Users are facing this error in my environment.Please tel why this error creeps up and how do i resolve it?
Please find error code below:-
Date:
Application:
Application
Version: 7.5.1561.116
Severity:
Error
Message:
Microsoft.EnterpriseManagement.Common.UnauthorizedAccessEnterpriseManagementException:
The user domain-name\user does not have sufficient permission to perform the
operation.
   at
Microsoft.EnterpriseManagement.Common.Internal.ServiceProxy.HandleFault(String
methodName, Message message)
   at
Microsoft.EnterpriseManagement.Common.Internal.ConnectorFrameworkConfigurationServiceProxy.ProcessDiscoveryData(Guid
discoverySourceId, IList`1 entityInstances, IDictionary`2 streams,
ObjectChangelist`1 extensions)
   at
Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.CommitInternal(EnterpriseManagementGroup
managementGroup, Guid discoverySourceId, Boolean
useOptimisticConcurrency)
   at
Microsoft.EnterpriseManagement.ConnectorFramework.IncrementalDiscoveryData.Commit(EnterpriseManagementGroup
managementGroup)
   at
Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.EnterpriseManagementObjectProjectionWriteAdapter.WriteSdkObject(EnterpriseManagementGroup
managementGroup, IList`1 sdkObjects, IDictionary`2 parameters)
   at
Microsoft.EnterpriseManagement.UI.SdkDataAccess.DataAdapters.SdkWriteAdapter`1.DoAction(DataQueryBase
query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String
outputCollectionName)
   at
Microsoft.EnterpriseManagement.UI.ViewFramework.SingleItemSupportAdapter.DoAction(DataQueryBase
query, IList`1 dataSources, IDictionary`2 parameters, IList`1 inputs, String
outputCollectionName)
   at
Microsoft.EnterpriseManagement.UI.DataModel.QueryQueue.StartExecuteQuery(Object
sender, ConsoleJobEventArgs e)
   at
Microsoft.EnterpriseManagement.ServiceManager.UI.Console.ConsoleJobExceptionHandler.ExecuteJob(IComponent
component, EventHandler`1 job, Object sender, ConsoleJobEventArgs args)

Hi,
Adding more questions...
Is the user submitting a form?
Which form?
Which scsm roles are the user member of?
Any data model customizations related to the process?
I've seen something like this before at one of my clients where a custom relationship was used. The problem only arose when the user tried to relate an incident to another object
using the custom relationship. Normally this shouldn’t be a problem but in their case it was.
Patrik Sundqvist Solutions Architect @ Gridpro AB Blog: http://blogs.litware.se

Hr_maintain_masterdata showing an infotype that the user does not have auth

subject: hr_maintain_masterdata showing an infotype that the user does not have authorisation for
Hi all,
I've a user account that's meant to perform staffing, based on the actual HR role. The system is also set up with an infogroup that contains infotypes 0000, 0001, 0006, 0185, XYZ and other infotypes; XYZ representing an actual infotype. The HR role is not supposed to have this infotype XYZ.
When PA40 is used, infotype XYZ will be skipped, as the user account do not have authorisation for it. I could then proceed to create the record.
When the fm: hr_maintain_masterdata is used, I was prompted that I do not have authorisation for infotype XYZ.
I have setup my fm with the mininum amount of values, as indicated below.
I did not populate a table for "proposed_values" so the infotypes called were due to the actions of the infogroup.
fm: hr_maintain_masterdata
pernr = 01234567
massn = 01          (new staff)
actio = INS          (insert record)
tclas = A          (master record)
begda = 01.09.2010
endda = 31.12.9999
werks = myCompanyPlant
dialog_mode = 2     (online)
luw_mode = 1          (commit, if no errors encountered)
no_existance_check = X
Q. Is there any way to let the function module call the infotypes, with authorisation checks, as what PA40 is doing?
Your guidance would be appreciated.
Thank you,
James Wong

A behaviour that has been observed was that, after infotype 0185 was saved, the function module throws me back to infotype 0000, citing, "No authorization to maintain XYZ exists". Data that I had populated to the screen, either via the FM or by manual input were cleared. If I skip the next 4 screens, I'll arrive at the Infotype after XYZ, with the data populated. Subsequent infotypes also have their data filled in.
Once I complete the sequence, the personnel record will be created. Upon examination, the frist 4 screens that were skipped in the 2nd pass contains data that were entered in the 1st pass.
My question, as posted in the original post, is why infotype XYZ is triggered by the function module, as the staffing account does not hae access for it. If I repeat the process using PA40, the infotype is skipped accordingly.
Any help would be appreciated.
Thank you,
James Wong,

CREATE USER, User does not have permission to perform this action.

-- first, connect to the master database
CREATE LOGIN login1 WITH password='Qwerty12345';
CREATE USER login1User FROM LOGIN login1;
EXEC sp_addrolemember 'dbmanager', 'login1User';
EXEC sp_addrolemember 'loginmanager', 'login1User';After, I connect to database 'master' with 'login1User' and execute:CREATE LOGIN login2 WITH password='Qwerty12345'; - okCREATE USER login2User FROM LOGIN login2; - User does not have permission to perform this action.

Hi Vit007,
Please check the two database role: 'dbmanager' and 'loginmanager'.
CREATE USER Requires ALTER ANY USER permission on the database.
Iric Wen
TechNet Community Support
select rm.*, dp2.name AS 'User', dp1.name AS 'Role' from sys.database_role_members rm LEFT JOIN sys.database_principals dp1 ON rm.role_principal_id = dp1.principal_id LEFT JOIN sys.database_principals dp2 ON rm.member_principal_id = dp2.principal_id
role_principal_id
member_principal_id
User Role
6 8
login1 dbmanager
7 8
login1 loginmanager

User does not have sufficient access

Hello
I�ve got installed SUN ONE Portal Server. My problem is the following. When i have customized my portal and all this staff, sometimes when i tried to get to anonymous portal i�ve got the following error in the log file:
09/08/2004 05:27:28:646 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: productName
09/08/2004 05:27:28:654 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: fontFace1
09/08/2004 05:27:28:654 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: productName
09/08/2004 05:27:28:655 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: fontFace1
09/08/2004 05:27:28:658 PM MEST: Thread[service-j2ee-3,5,main]
AuthlessSessionContext.getCookieSupportMode() =>2
09/08/2004 05:27:28:666 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: lastChannelName
09/08/2004 05:27:28:667 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: fontFace1
09/08/2004 05:27:28:670 PM MEST: Thread[service-j2ee-3,5,main]
AuthlessSessionContext.getCookieSupportMode() =>2
09/08/2004 05:27:28:712 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: fontFace1
09/08/2004 05:27:28:713 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: productName
09/08/2004 05:27:28:713 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: fontFace1
09/08/2004 05:27:28:716 PM MEST: Thread[service-j2ee-3,5,main]
AuthlessSessionContext.getCookieSupportMode() =>2
09/08/2004 05:27:28:723 PM MEST: Thread[service-j2ee-3,5,main]
WARNING: TagSwapper.doSwapFromParsedTagArray(): tag value unavailable: lastChannelName
09/08/2004 05:27:28:733 PM MEST: Thread[service-j2ee-3,5,main]
ERROR: DesktopServlet.handleException()
com.sun.portal.desktop.context.ContextError: DSAMEConnection.setAttribute(): attributeName=sunPortalDesktopDpDocumentUser value=<?xm
l version="1.0" encoding="utf-8" standalone="no"?>
<!DOCTYPE DisplayProfile SYSTEM "jar://resources/psdp.dtd">
"Display Profile of he anonymous user"
Exception: com.iplanet.am.sdk.AMException: User does not have sufficient access.
at com.sun.portal.desktop.context.DSAMEConnection.setAttribute(DSAMEConnection.java:700)
at com.sun.portal.desktop.context.DSAMEDPUserContext.storeDPUserDocument(DSAMEDPUserContext.java:49)
at com.sun.portal.desktop.context.PSDesktopContext.store(PSDesktopContext.java:394)
at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:664)
at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:288)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:720)
at org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperValve.java:118)
at org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.java:278)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:274)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:203)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:158)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
com.iplanet.am.sdk.AMException: User does not have sufficient access.
at com.iplanet.am.sdk.AMDirectoryManager.setAttributes(AMDirectoryManager.java:2226)
at com.iplanet.am.sdk.AMCacheManager.setAttributes(AMCacheManager.java:898)
at com.iplanet.am.sdk.AMObjectImpl.store(AMObjectImpl.java:1755)
at com.iplanet.am.sdk.AMObjectImpl.store(AMObjectImpl.java:1695)
at com.sun.portal.desktop.context.DSAMEConnection.setAttribute(DSAMEConnection.java:698)
at com.sun.portal.desktop.context.DSAMEDPUserContext.storeDPUserDocument(DSAMEDPUserContext.java:49)
at com.sun.portal.desktop.context.PSDesktopContext.store(PSDesktopContext.java:394)
at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:664)
at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:288)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.StandardWrapperValve.invokeServletService(StandardWrapperValve.java:720)
at org.apache.catalina.core.StandardWrapperValve.access$000(StandardWrapperValve.java:118)
at org.apache.catalina.core.StandardWrapperValve$1.run(StandardWrapperValve.java:278)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:274)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:203)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:505)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:158)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:598)
If i refresh the browser once or twice i can see the anonyomous portal.What�s the problem?
Charly

TagSwapper ?
which Portal Desktop Type are you using ?
Which Portal version ?
/ulf

While deploying to another server from RM client using build definition i got below error "Package location does not exist or deployer user does not have access"

We have installed RM client in the POC server .
Installed Deployment Agent in Dev server .
We created Configuration stages for POC->Dev.
We created a template with x copy deployer and selected source as build definition.
While releasing we faced following issue ,
The release was success in POC (Where RM client is installed), but in DEV environment (Which is different server)it got rejected because of the error
"Package location(Path) does not exist or deployer user does not have access"

Hi Dhamayandhi
There is quite a bit to do to get RM working successfully. I have a soup-to-nuts guide on implementing continuous delivery with TFS and RM
here.
Cheers - Graham
Blog:
http://pleasereleaseme.net LinkedIn:

The loged on user does not have permission to use this object'

A professional license user currently has Authorisation to all Customer BPs and Sales Documents.
When creating a random Sales Order, the error message
'Create POs(): The loged on user does not have permission to use this object'
is occuring. This is not occuring for all Sales Orders, this is occuring randomly.
Note that the Purchase Orders Button in the Logsitics tab in the sales order is NOT selected.
Cheers Lisa

hi lisa
there could be some changes in transaction notification from your side if there are any i would request you to please comment all the changes and then try saving the document it would definately go ahead as there has to be some change in the stored procedure ,
Regards,
Manish

'The logged-on user does not have permission to use this object'

Hello everyone,
I am getting the message 'The logged-on user does not have permission to use this object' while saving the Sales Order. I am logging in as a CRM user. There is an addon also running on the server, that saves some data into a user defined table when the Sales Order is saved. Is there any authoisation for users to access user defined tables.
Regards,
William

hi William,
this is an Authorization issue. provide the user with authorization on your UDT. Definition of user authorization can be found in Administration -- >> System Initialization -->> Authorizations -->> Additional Authorization Creator.... if already defined from here you can fined the additional authorization from the General authorization window.
regards,
Fidel

Error msg: Current user does not have privileges to perform product Activation

I am running Adobe Photoshop CS 8.0 on Windows Home Vista platform.
I keep getting this error message when I try to open Photoshop:
Current user does not have privileges to perform product activation. Run this application from a user account with administrative privileges or contact your system administrator.
I am the only owner & user of this software. I have re-installed the SW once (full install), and the error message went away for a while.
Now it's come back.
What do I do now?

2 options:
Either disable UAC (User Access Controls) or run the application with Administrator rights.

Error Message' "The loged on user does not have permission to use this obje

The loged on user does not have permission to use this object-
I am entering a Sales order, which is customized, when I add the Sales order this system imformation appears.
The user has a pro-license and authorizations to all AR
Can someone tell me what my problem might be?

Thank you for your help

The user does not have permission to perform the operation

Hi,
Configuration: JES Q405. Solaris 10 x86.
My customer initially installed JES (Portal + AM + DS) on the same box.
Now, they have a change in their requirement. They want DS to run dedicatedly in another box.
I have successfully installed a fresh instance of DS in the new box with the same domain name (thus maintaining the same dn). I have copied over 99user.ldif and exported all the data from the original DS in the old box.
Everything is running fine. DS in the new box is able to function properly.
On the Portal and AM side, I have changed the following file:
1. AMConfig.properties
2. serverconfig.xml
3. PSConfig.properties
I have also changed the Primary LDAP entry in iPlanetAMAuthLDAPService, iPlanetAMAuthMembershipService, and iPlanetAMPolicyConfigService.
However, when I started AM (which is running on Sun Web Server), I got the following error message:
------------------- in /var/opt/SUNWam/debug/amSDK ---------------------------
05/01/2006 04:46:43:324 PM SGT: Thread[main,5,main]
ConfigManager->Constructor: root DN dc=sg,dc=com
05/01/2006 04:46:43:403 PM SGT: Thread[main,5,main]
Invoking _ldapPool.getConnection()
05/01/2006 04:46:43:403 PM SGT: Thread[main,5,main]
Got Connection : LDAPConnection {ldap://sg-dsq405.sg.com:389 ldapVersion:3 bindDN:"cn=puser,ou=DSAME
Users,dc=sg,dc=com"}
05/01/2006 04:46:43:410 PM SGT: Thread[main,5,main]
Invoking _ldapPool.close(conn) : LDAPConnection {ldap://sg-dsq405.sg.com:389 ldapVersion:3 bindDN:"c
n=puser,ou=DSAME Users,dc=sg,dc=com"}
05/01/2006 04:46:43:411 PM SGT: Thread[main,5,main]
Released Connection : LDAPConnection {ldap://sg-dsq405.sg.com:389 ldapVersion:3 bindDN:"cn=puser,ou=
DSAME Users,dc=sg,dc=com"}
05/01/2006 04:46:43:411 PM SGT: Thread[main,5,main]
ERROR: ConfigManager->Constructor: Caught exception Message:The user does not have permission to per
form the operation.
------------------------------------ end --------------------------------------------------
-------------------------- in /var/opt/SUNWam/debug/amAuth ---------------------
05/01/2006 04:47:21:252 PM SGT: Thread[main,5,main]
Directory Host: sg-dsq405.sg.com
Directory PORT : 389
05/01/2006 04:47:21:298 PM SGT: Thread[main,5,main]
AuthD initializing
05/01/2006 04:47:21:610 PM SGT: Thread[main,5,main]
ERROR: AuthD failed to get auth session
05/01/2006 04:47:21:688 PM SGT: Thread[main,5,main]
ERROR: AuthD init()
com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:709)
at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:229)
at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:494)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:71)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:921)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:813)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3478)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:3760)
at com.iplanet.ias.web.WebModule.start(WebModule.java:251)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:652)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:355)
at org.apache.catalina.startup.Embedded.start(Embedded.java:995)
at com.iplanet.ias.web.WebContainer.start(WebContainer.java:431)
at com.iplanet.ias.web.WebContainer.startInstance(WebContainer.java:500)
at com.iplanet.ias.server.J2EERunner.confPostInit(J2EERunner.java:161)
----------------------------------------- end --------------------------------------------------
Any idea how to solve this problem? Thanks in advance!
justCheeChong
Message was edited by:
justCheeChong

check if the new DS instance has all the AM required ACI's.

List the items the user does not have access to.

I have a requirement to show the user a list of all the libraries of a site with the number of items in each even if the user does not have rights to the library. (the link or button will be grayed out if the user has no access)
I am looking for opinions on how to do it with the best performance possible.
The first candidate is to first enumerate all the items in all the libraries with elevated then do the same as the logon user and compare the collections.
The drawback is performance so maybe rely on the assumption that the overall content of the site does not change often so keep the collection from the elevated run in cache (with configurable lifetime) and only run as user on page load and compare with the
cache.
I am sure there is probably a better way so let's here it. can we take advantage of search?
This is on SP2013 but we are not using apps for unrelated reasons. We can use server object model.
Thank you all.
Ofer Gal

Hi,
I believe Search cant be used since Search is Security Trimmed. Search will not return the result if user dosent have the permission.
Thanks! Best Regards, Prasham Sabadra http://prashamsabadra.blogspot.in

Ui!ReportManager_0-1!219c!08/07/2014-16:18:21:: e ERROR: Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User 'SSRS_SERVER\SSRS_user1' does not have required permissions. Verify that sufficient permissions have been

I installed SSRS on an existing instance. Configured SSRS using report manager, loaded some reports and they work as expected.
The problem is I can not launch(IE)  Report Manager UI due to error in description. I can launch the Report Manager IF I RUN IE AS ADMINISTRATOR. The details of error from SSRS log file listed below.
The main page SSRS page starts to display. The display starts with "Home | my subscriptions |site Settings..." in upper right side, and "SQL Server Reporting Services" in upper left. Then the error displays
User 'SSRS_SERVER\SSRS_user1' does not have required permissions. Verify that sufficient     permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed.
Starting IE as administrator starts the Report Manager with out problems.
Does anyone have suggestion, is more information needed? Thanks, Joe
library!ReportServer_0-2!f4c!08/07/2014-16:18:21:: i INFO: Call to GetPermissionsAction(/).
ui!ReportManager_0-1!219c!08/07/2014-16:18:21:: e ERROR: Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User 'SSRS_SERVER\SSRS_user1' does not have required permissions. Verify that sufficient permissions have been
granted and Windows User Account Control (UAC) restrictions have been addressed.
   at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Web.UI.Control.OnInit(EventArgs e)
   at System.Web.UI.Page.OnInit(EventArgs e)
   at System.Web.UI.Control.InitRecursive(Control namingContainer)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-2!f4c!08/07/2014-16:18:21:: i INFO: Call to GetSystemPermissionsAction().
ui!ReportManager_0-1!219c!08/07/2014-16:18:21:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User 'SSRS_SERVER\SSRS_user1' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions
have been addressed.   at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)   at System.EventHandler.Invoke(Object sender, EventArgs e)   at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit
(EventArgs e)   at System.Web.UI.Control.InitRecursive(Control namingContainer)   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-2!f4c!08/07/2014-16:18:21:: i INFO: Call to GetSystemPropertiesAction().
ui!ReportManager_0-1!219c!08/07/2014-16:18:21:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Threading.Thread.AbortInternal()
   at System.Threading.Thread.Abort(Object stateInfo)
   at System.Web.HttpResponse.End()
   at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
library!ReportServer_0-2!2538!08/07/2014-16:19:00:: i INFO: Call to GetPermissionsAction(/).
ui!ReportManager_0-1!219c!08/07/2014-16:19:00:: e ERROR: Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User 'SSRS_SERVER\SSRS_user1' does not have required permissions. Verify that sufficient permissions have been
granted and Windows User Account Control (UAC) restrictions have been addressed.
   at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Web.UI.Control.OnInit(EventArgs e)
   at System.Web.UI.Page.OnInit(EventArgs e)
   at System.Web.UI.Control.InitRecursive(Control namingContainer)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-2!2538!08/07/2014-16:19:00:: i INFO: Call to GetSystemPermissionsAction().
ui!ReportManager_0-1!219c!08/07/2014-16:19:00:: e ERROR: HTTP status code --> 500
-------Details--------
Microsoft.ReportingServices.UI.FolderPage+InsufficientPermissionsToRoot: User 'SSRS_SERVER\SSRS_user1' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions
have been addressed.   at Microsoft.ReportingServices.UI.FolderPage.Page_Init(Object sender, EventArgs e)   at System.EventHandler.Invoke(Object sender, EventArgs e)   at System.Web.UI.Control.OnInit(EventArgs e)
at System.Web.UI.Page.OnInit
(EventArgs e)   at System.Web.UI.Control.InitRecursive(Control namingContainer)   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
library!ReportServer_0-2!1c98!08/07/2014-16:19:00:: i INFO: Call to GetSystemPropertiesAction().
ui!ReportManager_0-1!219c!08/07/2014-16:19:00:: e ERROR: System.Threading.ThreadAbortException: Thread was being aborted.
   at System.Threading.Thread.AbortInternal()
   at System.Threading.Thread.Abort(Object stateInfo)
   at System.Web.HttpResponse.End()
   at Microsoft.ReportingServices.UI.ReportingPage.ShowErrorPage(String errMsg)
library!WindowsService_0!202c!08/07/2014-16:20:52:: i INFO: Call to CleanBatch()
library!WindowsService_0!202c!08/07/2014-16:20:52:: i INFO: Using folder N:\WFSLR_JOE\MSRS11.WFSLR_JOE\Reporting Services\RSTempFiles for temporary files.
library!WindowsService_0!202c!08/07/2014-16:20:52:: i INFO: Cleaned 0 batch records, 0 policies, 1 sessions, 0 cache entries, 1 snapshots, 4 chunks, 0 running jobs, 0 persisted streams, 4 segments, 4 segment mappings, 0 edit sessions.
library!WindowsService_0!202c!08/07/2014-16:20:52:: i INFO: Call to CleanBatch() ends

Hi Joseph_SQL,
The following operating systems limit the overuse of elevated permissions by removing administrator permissions when accessing applications: Windows Server 2012 R2, Windows 8.1, Windows 8, Windows Server 2012, Windows Server 2008 R2, Windows 7, Windows Server
2008 and Windows Vista.
Because the noted operating systems limit permissions, members of the local Administrators group run most applications as if they are using the Standard User account. To avoid open Report Manager in Internet Explorer always using Run as administrator option,
we can refer to the following configuration steps:
Add Reporting Services URLs to trusted sites.
Report Manager Folder Settings
Report Manager Site Settings
For more details about how to configure the settings, please refer to the following article:
http://msdn.microsoft.com/en-us/library/bb630430(v=sql.110).aspx. After finishing the configuration, we can re-open Report Manager in Internet Explorer without using
Run as administrator.
Hope this helps.
Thanks,
Katherine Xiong
If you have any feedback on our support, please click
here.
Katherine Xiong
TechNet Community Support

IDocumentQuery.Execute() method throws user does not have edit permissions exception

Similar Messages

Maybe you are looking for