Error: "Access is Denied" in Advanced Reporting with ROLE_USER access


Article ID: 202731


Updated On:


Clarity PPM On Premise, Clarity PPM SaaS


When you attempt to open any report in Jaspersoft, the report fails to open. You can navigate throughout Advanced Reporting and view the folders where the reports are housed, but whenever you click into a report, an error is thrown: 'Access is denied'.

This happens in Advanced Reporting for some users while using ROLE_USER access.


Release: Any


The "Advanced Reporting - Navigate" right only allows the resource to navigate to the Advanced Reporting page. It does not give the user access to run reports. To run reports, you need additional permissions.

The issue can occur when rights are not provided correctly and ROLE_USER has access to see all or some reports. This setup is not recommended, because anyone with this role can potentially see and run all reports.


It is recommended to grant access to the CSK Access Groups with CSK permissions (examples below):

  • View items in the Ad Hoc Views and Dashboards folders
  • View the Financial Management domain
  • Run reports in the Financial Management folder

ROLE_USER should be set to No Access for CA PPM; you then use the permissions as described below.

Option 1: Reset the rights to the default settings

With this option, you can use the CSK access rights instead.

You could do a new clean install of Jaspersoft and move your custom reports there to achieve this. (Broadcom support recommended option)

Option 2: Grant access to the reports directly

If you want to keep the setup in which ROLE_USER has access to everything, grant access to the reports directly to ROLE_USER.

Note: This is not recommended by Support and can cause issues such as permission problems, problems after upgrading, mismatched results between environments, etc.

  1. Check what permissions the affected users have in Jaspersoft (ensure they have ROLE_USER).
  2. Add them to the folder/reports as a user, not a role.
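
One way to check an environment for the two setups this article warns about (ROLE_USER granted access, and users added directly to folders or reports), as an added example that is not Broadcom's code. It assumes permission entries exported in the JSON shape of the JasperReports Server REST v2 permissions service; every URI, the CSK role name and the user names are constructed placeholders.

```python
import json

# Mask values as documented for the JasperReports Server REST v2 permissions
# service (assumption: the article itself does not list them).
MASKS = {0: "No Access", 1: "Administer", 2: "Read Only",
         18: "Read + Write", 30: "Read + Delete", 32: "Execute Only"}

# Constructed sample in the shape that service returns; every URI, the CSK
# role name and the user names are placeholders, not values from the article.
SAMPLE = json.loads("""
{"permission": [
  {"uri": "/example_org", "recipient": "role:/ROLE_USER", "mask": 2},
  {"uri": "/example_org/reports/finance", "recipient": "role:/example_org/ROLE_CSK_FINANCE_EXAMPLE", "mask": 2},
  {"uri": "/example_org/reports/custom", "recipient": "user:/example_org/jdoe", "mask": 32},
  {"uri": "/example_org/adhoc", "recipient": "role:/ROLE_USER", "mask": 0}
]}
""")


def parse_recipient(recipient):
    """Split 'role:/ROLE_USER' or 'user:/org/jdoe' into (kind, name)."""
    kind, _, path = recipient.partition(":/")
    return kind, path.rsplit("/", 1)[-1]


def audit(doc, broad_role="ROLE_USER"):
    """Return (uri, recipient name, access level, reason) for risky grants."""
    findings = []
    for entry in doc.get("permission", []):
        kind, name = parse_recipient(entry["recipient"])
        mask = entry["mask"]
        if mask == 0:
            continue  # No Access is the recommended state for ROLE_USER
        level = MASKS.get(mask, f"mask {mask}")
        if kind == "role" and name == broad_role:
            findings.append((entry["uri"], name, level, "broad role grant"))
        elif kind == "user":
            findings.append((entry["uri"], name, level, "direct user grant"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

Grants to other roles, such as the placeholder CSK role in the sample, are not reported; only ROLE_USER grants and per-user grants are flagged for review.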

Here is an example of the default config where ROLE_USER has no access: