Denny Lee is a BI advisor at Microsoft. He goes through the joys of configuring security, Kerberos and delegation around Sharepoint and Powerpivot.
There are many blogs on this subject, which to me indicates a failing in Microsoft’s security deployments, and the overcomplexity of Sharepoint when it comes to the Windows security model. Users accessing PowerPivot within Sharepoint may notice that they don’t have access, when the same level of accounts for other users do.
This scenario works out well when a VP can’t get into their director’s PowerPivot workbooks.
Sometimes the issue comes down to plumbing within the Active Directory infrastructure, where years of upgrades have caused legacy issues to creep up. New users will be assigned default security permissions where migrated users may not have these permissions.
Following the lifetime of a security token isn’t my idea of fun, but it is definitely a challenge that will keep security consultants employed for the next few years…