Error "Access Denied" occurs when trying to view an IT Analytics report

Article Id: 157177
Status: Published
Updated On: 17-02-2017 15:50
Legacy Id: TECH198107
Products:
Endpoint Encryption , IT Analytics
Issue/Introduction:

When trying to view an IT Analytics report, the error "Access Denied" occurs.

Access Denied.

Cause:

Various.

Resolution:

Different IT Analytics (ITA) and Microsoft SQL Server Report Server (SSRS) configuration settings can result in this issue. The following steps walk the user through checking various areas that can be an issue.
 

  1. In the Symantec Management Platform Console, click on the Settings button > Notification Server > IT Analytics Settings.
  2. Click on Configuration.
  3. In the Report Server section, in the Authentication Type field, it is recommended that this is set to Stored Credentials. This user account must have full access to be able to use SSRS. Optimally, the account used by the Reporting Services Configuration Manager for the Service Account should be used. If it is known that this user (while logged in as such) works, but others do not, this is especially true. If a different account is desired to be used but does not work, please contact your DBA for assistance in configuring SSRS security. Note: If Windows Integrated Security, works, however, verify which account was used and then the DBA or network administrator will need to be contacted to determine what the differences are between this Windows account and the desired Windows account's permissions.
  4. Click on the Save Security Settings button if any changes were made.
  5. Click on Reports.
  6. Click on the Security tab.
  7. If the user is not added here, add them.
  8. Click on the Save Changes button if any changes were made.
  9. The user may be in the wrong Altiris Security Role. ITA users must be in at least the IT Analytics Users and as a minimum, also in the Symantec Guests roles. More information about this can be found here:

    Error "Access Denied" occurs when trying to use the Symantec Management Platform Console while using the IT Analytics Users security role
    http://www.symantec.com/business/support/index?page=content&id=TECH169571
     
  10. In the Report Manager by default  (http://<ssrs server name>/Reports), if the user cannot access this at all, this is also likely due to permission issues but are entirely on the SSRS and have nothing to do with ITA. Please contact your DBA for assistance in configuring SSRS security.
  11. If the user can access Report Manager, however, or a different user can, this can then be used to check report security. Click to open the IT Analytics report folder.
  12. Highlight the IT Analytics data source and click on Manage.
  13. Under the "Connect using" section, this should be set up the same as step 3. If not, change it to be so.
  14. Click on the Test Connection button. If this fails, contact your DBA for further assistance.
  15. Click on the Apply button once the Test Connection button works.
  16. Repeat steps 12 through 15 for the CMDB data source.
  17. If all of this is configured but reports still cannot be accessed, verify if these are able to be while on the Symantec Management Platform server or on the SSRS. If so, then Microsoft Kerberos may need to be next installed to enable the network authentication to continue past three hops. Information about this can be found here:

    Does IT Analytics work with Microsoft Kerberos?
    http://www.symantec.com/business/support/index?page=content&id=HOWTO60755