Kevin Oppihle's Tech Notes

If a user attempts to run a report and receives the following in a SQL base application. You may need to add the user to SSRS 2019   Unexpected Error The request failed with the HTTP status 401:Unauthorized or  Unexpected Error The permissions granted to user 'username' are insufficient for performing this operation (rsAccessDenied) To add a user or group to a system role: Start the web portal. Select the Gear icon in the upper right and then select Site Settings from the dropdown menu. Select Security. Select Add group or user. In Group or user, enter a Windows domain user or group account in this format: <domain>\<account>. Then to give the users access to SSRS reports? Click Home Folder settings Create a new role assignment so that you can grant access to the “Content Manager” role. (that will grant access so that the user can edit or build reports) Note: You can give them additional permissions in SSRS, such as the Report Builder permission to the Home folder if

Here is an older article on SPF Basics https://koppihle3.blogspot.com/2016/04/dns-spf-basics-what-you-need-to-know-to.html  to add to that... While you can only have ONE official SPF record for your domain, If your domain requires more include statements than you can fit on one SPF record (limit should be10).  It is DNS acceptable to create references to additional txt records that can include other SPF references but it is important to end all of them with a ~all. This is a common issue if you have several marketing or other services sending email for your domain or a monster domain such as Microsoft.com .  Note: Subdomains are handled separately and can have their own official SPF record. for Example for Microsoft using MXtoolbox.com to lookup the data: References include statements to other records:  So Rules are still. Put SPF records in priority access for example if your email primarily comes from proofpoint, put that first then any third party references such as SMTP IP's or

If you are using a local account rather than having MS created one from the wizard for better auditing and control. You may have to make some AD permissions changes via powershell. If you are seeing the following Export Errors: Caution- you are modifying AD permissions to grant an account high level access. Do not use a regular user/admin account! Security best practices requires creating a separate  service account that can be used exclusively for this process to allow proper auditing trail and security.  I have found the following 3 commands give permissions needed to access the attributes: $accountName = " Domain-Name \ User-Name " $ForestDN = "DC= Domain-Name ,DC= Domain-Extension " $cmd = "dsacls '$ForestDN' /I:S /G '`"$accountName`":WP;ms-ds-consistencyGuid;user'" Invoke-Expression $cmd accountName = " Domain-Name \ User-Name " $ForestDN = "DC= Domain-Name ,DC= Domain-Extension " $cmd = "d sacls