Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi,
If I use a SQL username/password in Power BI Desktop to connect to SQL Server (either DirectQuery or Import), is there a possiblity that the SQL username/password can be extracted from the /pbix file and breach security? I'm source controlling .pbix files in GitHub so would like to mitigate any security risks.
Thanks
@Anonymous, If you rename the .pbix file to.zip, you have access to the underlying data files. You will find the DataMashup file and DataModel file. The DataMashup file contains the SQL Server name, domain, database, schema and table details. And the DataModel file contains the user profile name. Anyone who opens the .pbix file can get the server name, database name and even credential name related information.
Even though SQL authentication appears to be encrypted in the file and not visible by other users. However, I still don't think it is a good idea to share a .pbix file with anyone don't trust or post it publicly.
@Anonymous
So far I don't find any document that can free your concern. From what I observe, the involved credentials need to be re-initialized in Power BI service when publishing a pbix from desktop. So I prefer to think that there's no way to extract the credentials(Or they don't have to be re-initialized again).
Thanks for your feedback, I'd consult this concern internally and would post any update if I get. 🙂
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
114 | |
97 | |
85 | |
70 | |
61 |
User | Count |
---|---|
151 | |
120 | |
103 | |
87 | |
68 |