cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Frequent Visitor

On-Premises Gateway Administrator

I have a question about Administrators of an On-Premises Gateway.  

 

We have the On-Premises Gateway installed on a dedicated server, but at that time did not have a service account so an individual set it up in order to start creating dashboards with data source connections in Power BI Service.  We now have a unique service account and would like to make sure that account can log into the server with the gateway installed and make changes when needed.

 

In the Power BI Service under Manage Gateways I have added that new service account as an administrator of the gateway in addition to two other individuals who should also be able to manage the gateway.

 

Manage_Gateway_2017-10-04_0806.png

 

 Can any one of these administrators log into the gateway server and "Migrate, restore or takeover an existing gateway"?

Or is there only supposed to be one Administrator of an On-Premises Gateway?

1 ACCEPTED SOLUTION
Advocate I
Advocate I

There's a difference between the Administrator (who is responsible for setting up Data Sources within the Gateway) and "named users" who are simply allowed to set up refresh in reports using the Gateway.

 

You want to use a Service Account for the credentials in almost any Data Source you set up in the Gateway.  However, that Service Account does not need to be an Administrator of the Gateway, OR a named user on a particular Gateway data source.  In fact, you really SHOULDN'T put the service account on there in either capacity.  

 

The Administrator of the Gateway should be a "real person" with a real Windows account, who has admin rights on the machine on which the Gateway is installed.  That person then has rights to set up Gateway Data Sources within the Gateway.  

 

The Administrator would use the Service Account's credentials when they establish a connection to a particular data source (i.e. a particular database).  In other words, the Service Account is for the actual data source.  You want to use a Service Account for this for a number of reasons:  for security purposes (since that user typically needs pretty wide-ranging access to objects within the data source), to avoid password expiration issues, etc.  

 

So then, in order to allow users to set up Scheduled Refresh, etc, on a given dataset in the Power BI Service, those users must be specifically added to the Gateway Data Source.  This gives them effective permissions to set up a Refresh Schedule for that dataset using the Gateway.

 

No question that this is all a little convoluted, and not necessarily well-explained in the docs....

 

 

View solution in original post

3 REPLIES 3
Advocate I
Advocate I

The Gateway Administrator should be a legit domain user, assigned as Admin to the Gateway using their domain account

The Gateway Admin sets up Data Sources within the Gateway, monitors Gateway activity, etc.   You don't use a Service Account here, because the Admin really needs to be a real person (or real people).

 

Instead, where you need a Service Account is for any Data Source you set up.  You do not want to set up a Gateway Data Source against, say, a SQL or Oracle DB (or what have you) with a typical user login.  That's insecure, the password will eventually expire, etc.    You want a Service Account here instead.   Remember, the idea is that the Gateway Data Source has "generic" access to the underlying source, with pretty wide-ranging read-only access to objects within the database.  This is because it will need to support ANY report that might be written against that underlying data source.  🙂

 

Once you have a Gateway Data Source set up and have connectivity to the underlying actual data source, then you add Named Users to the Gateway Data Source.  Those named users will then have the ability to use the Gateway to set up a Refresh Schedule against that particular data source.

 

 

 

This is quite a good treatise on this subject. Many customers enquire whether the account that is assigned as administrator of the gateway also 'occupies' a PowerBI pro license. Can't find an answer to that specific question..

Advocate I
Advocate I

There's a difference between the Administrator (who is responsible for setting up Data Sources within the Gateway) and "named users" who are simply allowed to set up refresh in reports using the Gateway.

 

You want to use a Service Account for the credentials in almost any Data Source you set up in the Gateway.  However, that Service Account does not need to be an Administrator of the Gateway, OR a named user on a particular Gateway data source.  In fact, you really SHOULDN'T put the service account on there in either capacity.  

 

The Administrator of the Gateway should be a "real person" with a real Windows account, who has admin rights on the machine on which the Gateway is installed.  That person then has rights to set up Gateway Data Sources within the Gateway.  

 

The Administrator would use the Service Account's credentials when they establish a connection to a particular data source (i.e. a particular database).  In other words, the Service Account is for the actual data source.  You want to use a Service Account for this for a number of reasons:  for security purposes (since that user typically needs pretty wide-ranging access to objects within the data source), to avoid password expiration issues, etc.  

 

So then, in order to allow users to set up Scheduled Refresh, etc, on a given dataset in the Power BI Service, those users must be specifically added to the Gateway Data Source.  This gives them effective permissions to set up a Refresh Schedule for that dataset using the Gateway.

 

No question that this is all a little convoluted, and not necessarily well-explained in the docs....

 

 

View solution in original post

Helpful resources

Announcements
secondImage

Experience what’s next for Power BI

Join us for an in-depth look at the new Power BI features and capabilities at the free Microsoft Business Applications Launch Event.

secondImage

Power BI Women

Join our monthly meetings and learning sessions.

secondImage

Congratulations!

We are excited to announce the Power BI Super Users!

secondImage

The largest Power BI virtual conference

100+ sessions, 100+ speakers, Product managers, MVPs, and experts. All about Power BI. Attend online or watch the recordings.

Top Solution Authors
Top Kudoed Authors