cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
sonocapace Frequent Visitor
Frequent Visitor

Direct Query SQL Server Security

I've created an on-premises gateway using my Windows credentials. I've created several Power BI reports which pull directly from SQL Server views. The views rely on SQL functions to expose only the data to which a specific logged in user is mapped in the SQL database. These views work perfectly when used as data connections in Excel, but when a user tries to refresh the reports in Power BI online they see only the data to which I myself (the report creator) am mapped. Any suggestions?

1 ACCEPTED SOLUTION

Accepted Solutions
Moderator v-qiuyu-msft
Moderator

Re: Direct Query SQL Server Security

Hi @sonocapace,

 

In Power BI data gateway SQL Server data source, all queries to the data source will run using these credentials entered when creating the data source. So when users access the report, those credential are passed to SQL function on SQL side to limit the specific data.

 

In your scenario, I would suggest you use Row Level Security feature to limit user specific data. you can connect to the SQL Server tables instead of views, which has one column contains different user's User Principal Name (UPN). For example, user1@contoso.microsoft.com.

 

q6.PNG

 

In desktop, create a role use Username() via Manage Roles like below:

 

q5.PNG

 

After publish the report to service, go to dataset security, add users under this role. For detail information, please refer to this article: Row-level security (RLS) with Power BI.

 

 

Best Regards,
Qiuyun Yu

 

 

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

1 REPLY 1
Moderator v-qiuyu-msft
Moderator

Re: Direct Query SQL Server Security

Hi @sonocapace,

 

In Power BI data gateway SQL Server data source, all queries to the data source will run using these credentials entered when creating the data source. So when users access the report, those credential are passed to SQL function on SQL side to limit the specific data.

 

In your scenario, I would suggest you use Row Level Security feature to limit user specific data. you can connect to the SQL Server tables instead of views, which has one column contains different user's User Principal Name (UPN). For example, user1@contoso.microsoft.com.

 

q6.PNG

 

In desktop, create a role use Username() via Manage Roles like below:

 

q5.PNG

 

After publish the report to service, go to dataset security, add users under this role. For detail information, please refer to this article: Row-level security (RLS) with Power BI.

 

 

Best Regards,
Qiuyun Yu

 

 

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Helpful resources

Announcements
Can You Solve These Challenge

Challenge: Can You Solve These?

Find out how to participate in the first Power BI 'Can You Solve These?' challenge.

Community News & Announcements

Community News & Announcements

Get your latest community news and announcements.

Virtual Launch Event

Microsoft Business Applications October Virtual Launch Event

Join us for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

Community Kudopalooza

Win Power BI Swag with Community Kudopalooza!

Each week, complete activities and be qualified in the drawing for cool Power BI Swag.

Users Online
Currently online: 6 members 1,013 guests
Please welcome our newest community members: