I have recently faced a challenge and I'm hoping someone in this amazing community has a workaround for it.
My organization just adopted a new security rule where you can't access production data from Power BI Desktop. You'll have to access the database using a jump server and do everything there, then upload your report to Power BI Report Server. Obviously this is very complicated.
Is this common practice? This is the first time I'm facing such a problem and I can't get my head around it.
- The account I use has read-only authorization.
- The database is hosted on-prem, not in the cloud.
- We use the Power BI Report Server desktop application for modeling and design, then upload it to the server.
Is there any workaround that I can propose to the security team?
I think having a jump server to publish reports to the cloud and refresh your dataset over the cloud should be fine, as you need to install PBI Gateway on the jump server, which will access the data for you and push it to the cloud.
But in the case of Power BI Report Server, since PBIRS is internally connected to all your databases (single domain), when you refresh your dataset you don't need any PBI Gateway, and hence the PBIRS server can refresh data whether you are on the jump server or not. If they are creating a policy to limit data access from the jump server only, that means it will hit your scheduled refreshes, or you will probably need to move your PBIRS to the jump server in order to overcome this problem.
If your organization is very concerned with data, you can:
- Implement Microsoft Intune in your organization.
- Register devices on Intune so that only authenticated and authorized people can access the data.
- Create a policy to allow opening PBIRS only on authenticated devices.
- Implement Row Level Security to allow authorized people to view permitted data.