Hi Thomas,
Ask him perform same exercise like selecting attributes and immediately in another session take SU53 transaction code screenshot which will give missing authorization objects.
OR
You can execute report with his id through tcode RSECADMIN-->Analysis tab-->Execute as , after executing query you can check log for what he is missing.
Thank you,
Nanda