cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
NickColebourn Frequent Visitor
Frequent Visitor

Enterprise Gateway - Permissions to Create

Have searched the documentation to death but can't find the answer to this seemingly simple question:

 

What permissions to you need to create an Enterprise Gateway? Is it just Admins or can users create them? From my testing it seems any user can install and create Enterprise Gateways which seems like a massive security hole whereby we'll be left with dozens of unmanaged gateways with random names etc.

 

Also, is there any documentation of Power BI roles / processes and the permissions needed to perform each one?

 

Thanks

 

Nick

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Super User
Super User

Re: Enterprise Gateway - Permissions to Create

@NickColebourn Gateways just refresh data, if you have users accessing data and sharing that the gateway isn't the hole.

There are a couple thing in play here, could anyone install a gateway on their own machine? Sure, if they have the rights to create the Service. Could they do it on a Server? They would need access, they would need to open the appropritate ports, etc. All of which require elevated privelages.


But as outline in the FAQ in the Administration section, there is a gap currently in monitoring or restricting mass proliferation of gateways of any type.

Question: Can I prevent users in my organization from creating a gateway?
Answer: No. This is on the roadmap, but we don’t have a timeframe.

Question: Can I get usage and statistics information of the gateways in my organization?
Answer: No. This is on the roadmap, but we don’t have a timeframe.

Near SE WI? Join our PUG Milwaukee Brew City PUG
2 REPLIES 2
Highlighted
Super User
Super User

Re: Enterprise Gateway - Permissions to Create

@NickColebourn Gateways just refresh data, if you have users accessing data and sharing that the gateway isn't the hole.

There are a couple thing in play here, could anyone install a gateway on their own machine? Sure, if they have the rights to create the Service. Could they do it on a Server? They would need access, they would need to open the appropritate ports, etc. All of which require elevated privelages.


But as outline in the FAQ in the Administration section, there is a gap currently in monitoring or restricting mass proliferation of gateways of any type.

Question: Can I prevent users in my organization from creating a gateway?
Answer: No. This is on the roadmap, but we don’t have a timeframe.

Question: Can I get usage and statistics information of the gateways in my organization?
Answer: No. This is on the roadmap, but we don’t have a timeframe.

Near SE WI? Join our PUG Milwaukee Brew City PUG
NickColebourn Frequent Visitor
Frequent Visitor

Re: Enterprise Gateway - Permissions to Create

@Seth_C_Bauer Thanks for the clarification. At least with the knowledge I can architect accordingly!

 

I do wish Microsoft would organise all their product documentation consistently, not including security limitations in the "In-Depth" downloads seems strange.

 

In the meantime it'll be a case of ensuring the relevant download links and servers are secured properly and the business controls are in place.

 

One interesting side note, a user created Enterprise Gateway can't be seen by a global administrator unless the user explicitly adds them to the list of gateway administrators. I would have thought a global O365 / PBI admin would be able to see all objects in the service regardless.

 

Thanks again for the reply.

 

Nick