We have folder security in operation on PBIRS. Each folder can contain some Paginated Reports, Power BI reports and Excel workbooks. Security on the folder is maintained via AD Groups which is assigned Browser privileges on the folder.
This enables the Users to view/acces each of the folder contents, however since the August update, Excel workbooks no longer download when clicked. Paginated and Power BI reports operate as normal.
For the Users to access/open/download the Excel workbooks security on these files needs to be customised and elevated to Content Manager.
Has this change in security changed by design or by other reasons? Is it only me or are there others experiencing the same?
We operate in a similar way to that mentioned by kelly_darren above and are also experiencing this issue.
This issue comes following our recent upgrade to August 2018 PBIRS. That is, users in our organisation with Security level of "Browser" being unable to access/open/download Excel workbooks. They receive a HTTP 403 error, unless they are elevated to an access level of Content Manager. Our users are successfully able to open Power BI and Paginated reports with no problems in the Browser role.
It may or may not be related, but we have noted that there is a comment on the SQL SSRS 2017 upgrade (released on 31st August 2018) "Browser Role Behaviour Change". Perhaps this is related to the issue (ie. caused via this code being merged into PBIRS, or perhaps not merged in?)
I will echo kelly_darren's questions in asking whether this has been changed by design?
We have the same issue. We are on Sql 2017 db engine but do not have SSRS installed. We only have the seperate pbirs service installed and Aug 2018 update broke our uploaded excel reports. Browser throws 403 error states users must authenticate...but they are authenticated and can run any of the other reports in the same folder.
Just a brief update to others who may also be experiencing this issue.
I had initially granted access to all users as a workaround to this issue. However, as there was no resolution forthcoming, and to avoid users making changes directly to all files, I decided to grant elevated access only to excel files. That is, elevate access only to excel (.xlsx) files on the portal.
Although this may be time consuming (updating access on a case by case basis), from a governance perspective, this seems to be a [slightly] more sustainable approach compared to blanket elevated access to all reports.
Hope this assists and I welcome any feedback should there be a better alternative or (better yet) a fix!