Skip to content


You do not have security privileges to publish this report when publishing an Excel report

Jeff asked 2 years ago
I found an article the details the nature and solve for the issue.  However, the solve does not talk about what the best practice is for assigning a particular user, our Controller, appropriate permissions.
They should have

  • sa user

  • DYNSA user

  • Any user in the db_owner database role in SQL

  • Any user in the SysAdmin fixed server role in SQL

The first two are non-starters, I don’t want them logging in as sa or DYNSA, so that leaves the last two options as candidates.  Which of those 2 are considered best practice and what are the ramifications for adding those particular roles to that user?
Nicole Albertson Staff answered 2 years ago
I would agree that you don’t want your users logging in as ‘sa’ or ‘DYNSA’ as they should be logging in with their GP user. 
The db_owner option on each database is going to be the more restrictive option for you.  It is only giving the users GP user access to publish in the databases you put them in the db_owner role.  The sysadmin option is going to give the user access to all the databases in your system as it is basically giving the user ‘sa’ like rights.
The one thing to keep in mind with this is that you are doing this to the GP user, so even if you give them sysadmin rights, that is not really giving them much more than what they need for Excel Report Builder and possibly a few other tools like the Professional Service Tools Library to function.  They still have to have access to those tools in GP though to do anything.  It doesn’t give them any further rights on the SQL side to say log into Management Studio or anything because their GP user’s password is encrypted by GP and won’t work outside of GP, so they would not be able to log in with it anywhere else.
My recommendation is to generally use the db_owner option on each database as it is the more restrictive of the two.  The only downfall to it is you have to manage it on each database versus just setting it once at the system level like you would with sysadmin.
Hope this helps, but let me know if you need anything further.
Jeff replied 2 years ago

Thanks Nicole, that was exactly the advice that I was looking to get. Maybe the help link should be amended with this additional information as it points us in the “best practices” direction.

If you would like to submit an answer or comment, please sign in to the eOne portal.