
Members in nested AD groups can't run BI reports

I have found an issue with permissions in Power BI Report Server associated with nested AD groups. We use Active Directory (on premise) groups to control permissions in PBIRS. I have found that if members are listed directly in the group then the BI reports run as expected, e.g., Group A > member Person A, Person B, etc. If members are listed implicitly as part of a nested group the BI reports do not run, e.g., Group A > member Group B > member Person A, Person B, etc. All permissions on folders, etc. work fine with members in nested groups, but when the user tries to run a Power BI report the loading icon appears and then there is no report. I would not have expected this behavior as this is a MS product so I am guessing this is a bug of some kind.

 

I am running PBIRS v15.0.2.557.

 

RESOLUTION:

I worked with support on this issue and it turns out the issue was due to a 1-way trust between the domains. I was using a service account in domain A to run the Power BI Report Server in domain B. Once I switched to using a service account in the same domain as PBIRS the issue went away.

Status: New
Comments
Moderator

Hi @mrbonvivant,

 

Based on my understanding, you have created two groups, Group A and Group B, and Group B is a member of Group A. In the PBI RS web portal, you have granted permission to Group A, and when a member of Group B runs reports, the report displays blank, right?

 

I have created a nested group (security group) and granted permission for GroupA on the root folder; when a member of the child group runs the report, the report displays fine.

 


 

 

Please check if all reports on your side have this issue. Are they security groups? 

 

Best Regards,
Qiuyun Yu 

Frequent Visitor

Thanks @v-qiuyu-msft.  When using local groups I don't have the issue.  It only happens if I am using Active Directory security groups.

 

Here is a little more information about the issue I am having. These groups are in separate (trusted) domains.

 

  • Group A (domain 1)
  • User A (domain 1)
  • Group B (domain 2)

Group A contains User A. Group B contains Group A. User A can navigate, but is unable to run any reports.

 

I also have case 118092019053210 open for this issue.

Frequent Visitor

I worked with support on this issue and it turns out the issue was due to a 1-way trust between the domains. I was using a service account in domain A to run the Power BI Report Server in domain B. Once I switched to using a service account in the same domain as PBIRS the issue went away.
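
The condition reported in this thread (a service account from one domain running PBIRS in another domain across a one-way trust) can be checked on the report server with a short script. This is an added example, not part of any post above and not Microsoft tooling; the service name `PowerBIReportServer` is an assumption, so pass `-ServiceName` if yours differs.

```powershell
# Added example: run on the report server with the RSAT ActiveDirectory module installed.
# Assumption: the PBIRS Windows service is named 'PowerBIReportServer'.
param([string]$ServiceName = 'PowerBIReportServer')

Import-Module ActiveDirectory -ErrorAction Stop

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this host." }

# Domain the report server itself is joined to (DNS and NetBIOS forms)
$serverDns     = (Get-CimInstance Win32_ComputerSystem).Domain
$serverNetbios = (Get-ADDomain -Identity $serverDns).NetBIOSName

# StartName is DOMAIN\user, user@domain, or a built-in/local identity
$acctDomain = switch -Regex ($svc.StartName) {
    '^(NT AUTHORITY|NT SERVICE|\.)\\' { $null; break }        # machine or local identity
    '^([^\\]+)\\.+$'                  { $Matches[1]; break }  # DOMAIN\user
    '^[^@]+@(.+)$'                    { $Matches[1]; break }  # user@domain
    default                           { $null }               # e.g. LocalSystem
}
$sameDomain = (-not $acctDomain) -or ($acctDomain -in $serverNetbios, $serverDns)

# Trusts as seen from the server's domain; Direction is Inbound, Outbound or BiDirectional
$trusts = Get-ADTrust -Filter * -Server $serverDns |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication
$oneWay = @($trusts | Where-Object { $_.Direction -ne 'BiDirectional' })

# Heuristic only: it does not prove the one-way trust is the one to the account's domain
[pscustomobject]@{
    Service               = $ServiceName
    RunsAs                = $svc.StartName
    ServerDomain          = $serverDns
    AccountInServerDomain = $sameDomain
    OneWayTrusts          = $oneWay.Name -join ', '
    MatchesThreadScenario = (-not $sameDomain) -and ($oneWay.Count -gt 0)
}
$trusts | Format-Table -AutoSize
```

If `MatchesThreadScenario` is true, compare the listed one-way trusts against the service account's domain; in this thread the fix was moving PBIRS to a service account in the server's own domain.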