If you're seeing an error when sending a report that says "You don't have read permissions on the User External Credential object," then this article is for you.
Why is This Needed
To access external systems, including our file generation service, users need to have access to User External Credentials.
From Salesforce Help: Enable User External Credentials
"Tokens for named credential callouts are encrypted and stored in the User External Credential object. Any user performing an authenticated callout needs profile- or permission set-based access to user external credentials. Most standard permission sets and profiles have access to the User External Credentials object by default. For the guest user profile, and for some custom permission sets and profiles, you must assign User External Credentials object permissions manually."
How to Fix
This is not added to our permission sets because Salesforce does not allow package providers to add this permission.
To give a user access, either create and assign a custom permission set or edit their profile. For Report Sender, the only required permission is Read access to the User External Credential object.
Here is an example of a custom permission set:

