Can't create an MDS website through a low-privilege account in SQL Server 2016

If you specify a low-privilege Active Directory account for the application pool when you create a website in Master Data Services Configuration Manager, the website is set up incorrectly. Additionally, when you try to access the MDS website, you receive the following error message:
"Server Error in '/MDS" Application. Security Exception.

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permissions please contact your system administrator or change the application's trust level in the configuration file."
To work around this issue, add the Active Directory account to the local administrators group on the system that hosts the web application.
The fix for this issue is included in the following cumulative update for SQL Server:

Note This fix resolves this problem only when you install a slipstreamed version of SQL Server that includes SQL Server 2016 RTM and Cumulative Update 1 for SQL Server 2016 or a later cumulative update. For existing installations, you must use the solution that's documented in the "Workaround" session. 
About cumulative updates for SQL Server
Each new cumulative update for SQL Server contains all the hotfixes and all the security fixes that were included with the previous cumulative update. Check out the latest cumulative updates for SQL Server:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.

Article ID: 3170078 - Last Review: 08/23/2016 17:00:00 - Revision: 2.0

Microsoft SQL Server 2016 Developer, Microsoft SQL Server 2016 Enterprise, Microsoft SQL Server 2016 Standard

  • kbqfe kbfix kbexpertiseinter kbsurveynew KB3170078