PerformancePoint, Security and Account Access

 

I was assisting a client with cleaning up an installation of PerformancePoint. They thought they had followed all of the steps, but were perplexed by an error they were getting after deploying the dashboards to SharePoint. Given what was at the bottom of the error, and how few people realized this slight difference in authenticating accounts, I figured it was worth a quick post.

To start, the error received was:

"You do not have permission to see this data. (Domain\UserAccount). Contact the administrator for more details."

My client was perplexed. They had developed the dashboard in Dashboard Designer and previewed it with success on the Monitoring server preview site. This person was an admin of Monitoring server and a site collection admin in SharePoint. The question to me then was – what was going on?

To help explain, below is a diagram of a sample PerformancePoint deployment on a farm, which is exactly what this client has in their environment:

The big "gotcha" here for him comes from the use of NTLM as the authentication method and a lack of understanding of where deployed dashboards actually render and load.

In a non-Kerberos implementation, deployed dashboards will connect to data sources under the identity of the SharePoint service. That was the bit of understanding this user was missing: his perception was that SharePoint rendered output from the Monitoring web service, and thus that authentication still happened from the Monitoring web service. Once this perception was corrected, we added the SharePoint account as a reader on the cube for his dashboards and life went back to normal.
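For anyone who wants to script that last step, here is one way to grant the read access through Analysis Management Objects (AMO), scoped to a dedicated role on a single cube. This is an added example, not the commands used at the client, and it assumes AMO is installed on the machine running it; the instance, database, cube, role and account names are all hypothetical placeholders.

```powershell
# Added example: every name below is a placeholder, not a value from the post.
$ssasInstance = 'SSAS01'                  # hypothetical Analysis Services instance
$databaseName = 'SalesDW'                 # hypothetical SSAS database
$cubeName     = 'Sales'                   # hypothetical cube behind the dashboard
$roleName     = 'PPS Dashboard Readers'   # dedicated role, read-only on this one cube
$spAccount    = 'CONTOSO\svc-sharepoint'  # account the SharePoint service runs as

# Load AMO and connect (requires SSAS administrator rights on the database).
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.AnalysisServices')
$server = New-Object Microsoft.AnalysisServices.Server
$server.Connect("Data Source=$ssasInstance")
try {
    $db = $server.Databases.FindByName($databaseName)
    if ($null -eq $db) { throw "Database '$databaseName' not found on $ssasInstance" }
    $cube = $db.Cubes.FindByName($cubeName)
    if ($null -eq $cube) { throw "Cube '$cubeName' not found in '$databaseName'" }

    # Create the role only if it does not exist yet.
    $role = $db.Roles.FindByName($roleName)
    if ($null -eq $role) {
        $role = $db.Roles.Add($roleName)
        $role.Update()
    }

    # Add the SharePoint service account as a member, skipping duplicates.
    $existing = $role.Members | Where-Object { $_.Name -eq $spAccount }
    if (-not $existing) {
        $member = New-Object Microsoft.AnalysisServices.RoleMember($spAccount)
        [void]$role.Members.Add($member)
        $role.Update()
    }

    # Grant Read on this cube only; no write, process or admin rights.
    $perm = $cube.CubePermissions.FindByRole($role.ID)
    if ($null -eq $perm) { $perm = $cube.CubePermissions.Add($role.ID) }
    $perm.Read = [Microsoft.AnalysisServices.ReadAccess]::Allowed
    $perm.Update()

    # Print the resulting membership so the change can be reviewed.
    $role.Members | ForEach-Object { "{0} -> {1}" -f $roleName, $_.Name }
}
finally {
    $server.Disconnect()
}
```

Because every deployed dashboard connects as this one account under NTLM, whatever the role can read is visible to anyone who can open the dashboard in SharePoint, so keep the role limited to the cubes the dashboards actually use.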

Categories: Performance Point

July 21, 2009 12:04 by sid