Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
osacapcom
Frequent Visitor

Power BI service and on-premise data gateway security concerns

‎12-19-2022 02:35 AM

We have implemnted Power BI service in our company via clound service and on-premise data gateway and it's really enjoyable to use it . but we have two elements which are on-premise (data gateway server & database server  (Oracle database)) .

 

Our on-premise data gateway upload (aggregated data without senstive ) on daily basis to the Power BI service .

so our security departments have many concenrs about how secure the data gateway ? because I have to enter the local db credentails For the Power BI service .

 

I have security concenrs in three scenarios :-

 

1. what if (theoretically)  somene steal my credentials manged to access my Power BI account ...

  •    can he see other tables in the database that I didn't uploaded in my data set without any hacking
  •    can he she perform SQL queries without any hacking?
  •  he can see only the uploaded data from the dataset only  ?
  • can he see the stored local database username and password that stored in the service ?

2. Can the hacker reach our on-premise local database throught the Power BI service and then use the data gateway to access our local database and reach other related systesm ?

 

3. can I make the gateway server have only outbound network  data connection ?

Message 1 of 3
918 Views
0
1 ACCEPTED SOLUTION
v-xiaoyan-msft
Community Support
Community Support

‎12-19-2022 05:43 PM

Hi @osacapcom ,

 

1. what if (theoretically)  somene steal my credentials manged to access my Power BI account ...

  •    can he see other tables in the database that I didn't uploaded in my data set without any hacking ?

     NO

  •    can he she perform SQL queries without any hacking?

    Yes ,if you have the right acess.

  •  he can see only the uploaded data from the dataset only  ?

    Yes

  • can he see the stored local database username and password that stored in the service ?

     No

 

Please protect your administrator account. Data source credentials are required to access the data source. Otherwise he can see only the parts you imported to Power BI.

 

2. Can the hacker reach our on-premise local database throught the Power BI service and then use the data gateway to access our local database and reach other related systesm ?

No

 

3. can I make the gateway server have only outbound network  data connection ?

The gateway communicates on the following outbound ports: TCP 443, 5671, 5672, and from 9350 through 9354. The gateway doesn't require inbound ports.

 

 

Best Regards,
Community Support Team _ Caitlyn

View solution in original post

Message 2 of 3
871 Views
2 REPLIES 2
osacapcom
Frequent Visitor

‎12-20-2022 01:26 AM

Thanks for your support and the usefull information .I will make sure my data set only contain aggregatred data .

Message 3 of 3
857 Views
0
v-xiaoyan-msft
Community Support
Community Support

‎12-19-2022 05:43 PM

Hi @osacapcom ,

 

1. what if (theoretically)  somene steal my credentials manged to access my Power BI account ...

  •    can he see other tables in the database that I didn't uploaded in my data set without any hacking ?

     NO

  •    can he she perform SQL queries without any hacking?

    Yes ,if you have the right acess.

  •  he can see only the uploaded data from the dataset only  ?

    Yes

  • can he see the stored local database username and password that stored in the service ?

     No

 

Please protect your administrator account. Data source credentials are required to access the data source. Otherwise he can see only the parts you imported to Power BI.

 

2. Can the hacker reach our on-premise local database throught the Power BI service and then use the data gateway to access our local database and reach other related systesm ?

No

 

3. can I make the gateway server have only outbound network  data connection ?

The gateway communicates on the following outbound ports: TCP 443, 5671, 5672, and from 9350 through 9354. The gateway doesn't require inbound ports.

 

 

Best Regards,
Community Support Team _ Caitlyn

Message 2 of 3
872 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All