Recently I set up Forms Based Authentication on a SharePoint 2007 (MOSS) site with Reporting Services working in SharePoint integration mode. It seemed as though things were working correctly. However, after a couple of days we got some reports from the users that they are getting following error while running their Reporting Services subscriptions: The permissions granted to user Provider:ID’ are insufficient for performing this operation.
All permissions are given using role provider groups. Permissions are still working for all other users in the same group as this user. There is nothing in SSRS log except "<SSRS>.Utilities.AccessDeniedEception". But in the event log we are seeing below error.
"Cannot get Role Manager with name <Provider>. The role manager for this process was not properly configured. You must configure the role manager in the .config file for every SharePoint process"
As this was production, the work around was to created a new user account and "Provider:ID2” and added this user to the same group as "Provider:ID” and asked the user to use this new account so that they could still get to the reports and functions that they needed. Unfortunately it only worked for about a week before we ad the same issue again.
We have researched and found "http://msdn.microsoft.com/en-us/library/aa543158.aspx" on MSDN about user token issues, Where in Managing User Tokens section mentioned below:
"If the user account is a membership user, then SharePoint queries the ASP.NET RoleManager for all the roles the user belong to. This may fail if there is not a proper .config file for the current executable file."
The solution was to remember to add the membership provider and rolemanger tags to the ReportingServicesService.exe.config file and ReportServer websites web.config the same as for the FBA SharePoint site web.config. It makes sense once you know the solution, but it is not intuitive that the membership provider has to be set up in multiple locations when using Integrated Reporting Services. Not sure why it worked for a while and then defaulted back to the same error message as previous. It would appear that the permissions are set initially and something along the way resets the .config files.