Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
We connect our Power BI reports to a mult-tenant data warehouse, and embed it in a Saas application. The current architecture proposed for the Power BI Service is to:
A major security concern we have is that if the "master" user's username and password were compromised, a malicious user would have access to all data for all of our customers by simply logging into the Power BI Service and looking at the reports.
Hi @trevorgermain,
1. There is multi-factor authentication indeed. You can active it for use "master". Could you please tell me if this could work?
Reference: multi-factor-authentication, multi-factor-authentication-how-it-works, multi-factor-authentication-get-started-cloud
2. What data warehouse it is? About the security of Power BI, please reference here and download the white paper: powerbi-admin-power-bi-security/
Best Regards!
Dale
1. The Multi Factor Authentication may work for me. I was attempting to use the conditional access feature in the Azure Portal, but wan't having much luck getting it to work. This MFA feature seems to work ok. I can restrict portal log in to the service, but programmatic access via ADAL still works.
2. The data warehouse is an On Premise SQL database that we will access via the data gateway.
Hi @trevorgermain,
1. Programmatic access restriction might influence the normal access. I think. Maybe this could help: powerbi-admin-auditing.
2. About Data Gateway security. Please reference:
powerbi-admin-power-bi-security (The link of the whitebook is in the first paragraph.)
powerbi-gateway-onprem-indepth
Best Regards!
Dale
The following links all show that using Resource Owner Password flow is a bad idea. In fact, the latest version of the ADAL library for .Net Core has removed the UsernamePasswordCredential entirely.
https://github.com/Microsoft/PowerBI-CSharp/issues/30
https://github.com/Microsoft/PowerBI-CSharp/issues/95
https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/482
http://stackoverflow.com/a/29110987
http://stackoverflow.com/a/28597758
http://stackoverflow.com/a/26795582
http://stackoverflow.com/a/39250380
I can only assume that the idea of application permissions will be coming to the Power BI service in the very near future, or the team has completely dropped the ball on the embedding security story.
When can developers expect a proper embedding authentication scenario?
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
58 | |
20 | |
19 | |
18 | |
9 |