Thanks, the report starts working if I set read permission to "ROLE_USER" on the folder (or directory) contains domain and data source. But now the user is able to see all domains/data sources in the folder under repository tree. I don't want user to see any data source/domain under the repository tree but still able to execute reports. If I set "execute" permission on the folder containing data source/domain, then report doesn't work. Any idea?