Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Kraggle
Frequent Visitor

Passthrough Authentication for Google BigQuery?

‎04-27-2022 07:27 AM

Hi,

 

first of all I would like to mention that I'm new to Power BI, as User, Devloper and Admin and in the beginning phase of a project. My work experience is based on MicroStrategy, please excuse if I'm using wrong terms. 

 

We have a distributed data warehouse based on BigQuery located in different GCP Projects. We use GCP features to manage the access on those projects and it's data with Authroized Views / IAM Roles etc.

 

Now we would like to use Power BI for our end users to visualize the data on their own. But we also want to create some reports provided by us, the BI department.

 

Our wish is, that we as BI developer create reports and dashboards. And when a user executes the report, the user should authenticate to Google, that the report only shows the data he is supposed to see with his Google Account. 

 

Our current situation unfortunatley is as follows:

We can import data to Power BI, but then the User access the imported data without additional authentication to goole.

If User B wants to execute the Report with his accoutn, User B needs to take ownership of the Dataset and update the credentials.

 

If we use DirectQuery, we need a gateway with a service account. The permissions of the users google account won't affect the report obviously. Additionally we have to map our google permissions to something based on Power BI with Roles and RLS (and do key rotation for the Service Account every now and then).

 

Basically we are looking for an option which is available for Azure SQL:

sso-dialog

 https://docs.microsoft.com/bs-latn-ba/power-bi/connect-data/service-azure-sql-database-with-direct-c... 

 

 

Are we missing an option? Does anybody has experience with that kind of requirement togehter with BigQuery? 

Anybody experience with workarounds (e.g.using BigQuery ODBC driver) or https://docs.microsoft.com/en-us/power-query/startingtodevelopcustomconnectors

 

I saw similar posts like this one: https://community.powerbi.com/t5/Service/PowerBI-Pass-through-Authentication-for-Data-source/m-p/903... but it's not exactly solving our requirement.

 

Thanks in advance!

Labels:
Message 1 of 6
1,692 Views
0
5 REPLIES 5
hi_world
Helper III
Helper III

‎03-29-2023 10:07 PM

Hello, 

 

with the new version of March, have you managed to unblock the situation?
If yes how did you do it?

 

Best regards

Message 6 of 6
1,052 Views
0
ggbae
Frequent Visitor

‎05-26-2022 06:04 AM

Hi,

 

Were you able to find a solution to this? I have similar issue where I am using view to enforce row-level access based on the current user in bigquery and for it to work, I need a feature where end users will use their credentials in power bi service.

 

Also, where are you implementing the RLS? In bigquery or power bi report?

Message 4 of 6
1,538 Views
0
Kraggle
Frequent Visitor
In response to ggbae

‎05-26-2022 12:51 PM

Hi,

 

unfortunatley not, we use the workaround with the Service Account through the Gateway for now. (see my response from ‎05-11-2022)

Please note that in the meantime Microsoft released a bug during the process of adding Service Account Credentials to a BigQuery Datasource: 

https://community.powerbi.com/t5/Issues/Accountkey-limited-to-200-characters-in-the-new-interface-of...

 

We are still in the beginning of our Power BI setup, we just got Admin rights to our own capacity but requested external help as I only have experience as MicroStrategy Admin.

Right now we can split our users in just two groups and separate the access with two Workspaces.

We also would like to use our Authorized Views as intended but can't, as we have to work with the SA-workaround. I currently see no chance using BigQuerys RLS capabilities 😕 

With an increasing amount of reports we will have to implement RLS in Power BI.

 

If you or anybody else can help, please ping me too 😉

Message 5 of 6
1,525 Views
0
v-yanjiang-msft
Community Support
Community Support

‎05-02-2022 07:18 PM

Hi @Kraggle ,

There're some tips in this document for your reference:

When authenticating through a Google service account in Power BI Desktop, there's a specific credential format that's required by the connector.

  • Service Account Email: must be in email format
  • Service Account JSON key file contents: once this JSON key is downloaded, all new lines must be removed from the file so that the contents are in one line. Once the JSON file is in that format, the contents can be pasted into this field.

When authenticating through a Google service account in Power BI service, users need to use "Basic" authentication. The Username field maps to the Service Account Email field above, and the Password field maps to the Service Account JSON key file contents field above. The format requirements for each credential remain the same in both Power BI Desktop and Power BI service.

Best Regards,
Community Support Team _ kalyj

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 6
1,600 Views
0
Kraggle
Frequent Visitor
In response to v-yanjiang-msft

‎05-11-2022 12:15 AM

Hi @v-yanjiang-msft ,

 

thank you for your reply. We are using the Service Account with a key file for now, but this workaround doens't scale in our case.

 

This is fine for our first report which consumes data from one Google Project, but as the data is distributed accross serval Projects operated by different teams, we now have to create service accounts for each project and this results in many manual (afaik, as I don't see options for Workload Identity Federation) Key Rotations in the gateway in future.

We also have to implement additional secruity measures in power BI as our Policies in Google are bypassed. 

 

 

I will update this thread when we found a suitable solution for our architecture

Message 3 of 6
1,550 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All