Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

On Premise Data Gateway Permissions Only Working for Individuals

We have the On-Premises Data Gateway installed and running successfully (v 14.16.6584.1). We have created a PowerApp that connects to on-premise SharePoint 2016 list data via the gateway. Permissions to the SharePoint list are assigned via an AD security group and the PowerApp is also shared with the same AD security group with 'Can Use' permissions. We also have to assign permissions on the Gateway which we do in by navigating to 'Gateways' > selecting our gateway > Users. Here we add the users of the app with 'Can Use' permissions on the gateway. When the user runs the app for the first time, they are prompted to allow the SharePoint connection and have to enter their username and password, once they do this the app runs and connects to the data successfully. However, if we remove the individual user from the Gateway permissions and instead add the AD security group that the user belongs to with 'Can Use' permissions on the gateway, when the app is run for the first time and the user is prompted to allow the SharePoint connection, when they enter their credentials they receive the error message: "We weren't able to add this connection. Please try again" "PowerBINotAuthorizedException Session ID: [GUID]" The same problem occurs if we click the 'Add everyone in my org' button on the gateway permissions and add 'Can use' permissions for the whole organisation. We have ensured that the AD security group is synchronised correctly via DirSync and have logged the user out and back in before testing but the problem persists. There is no information in the gateway server logs relating to this, even after enabling enhanced logging. It seems that only individuals added to the gateway permissions are recognised. Any groups fail. This presents a problem when we need to share an app using a gateway connection with a large number of users as it's not practical to add hundreds of users individually. It's important to note that once the connection has been added successfully it will tend to work when the individual user is removed and replaced by a group on the gateway permissions so to recreate the error you must delete the SharePoint connection from the 'Connections' menu before running the PowerApp again so that it prompts to allow the connection when the app is launched.
Not applicable

I'm sorry I don't have the answer, but we are planning to do the same thing. And getting the same error.

It's been a while since we looked at this...  We did have a case open with MS but never got a resolution. 


I think one of the updates to the gateway got the 'add everyone in the organisation' permission on the gateway working so that individuals didn't have to be added but we never got AD groups to work!

Helpful resources

Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

Power Platform Call June 2022 768x460.png

Power Platform Community Call

Join us for the next call on June 15, 2022 at 8am PDT.

PA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

This training provides practical hands-on experience in creating Power Apps solutions in a full-day of instructor-led App creation workshop.


New Release Planning Portal (Preview)

Check out our new release planning portal, an interactive way to plan and prepare for upcoming features in Power Platform.

Top Solution Authors
Top Kudoed Authors
Users online (3,038)