Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
Testy
Frequent Visitor

SSO via Kerberos for Import queries

‎05-16-2024 06:44 AM

Hello everyone,

 

I have built some reports using Import mode with SQL Server (an on-premise datasource). The data used are sensitive, and we need to ensure high security for it.

 

Today, I started configuring the data gateway and saw the following option:

Testy_1-1715866738912.png

 

Use SSO via Kerberos for DirectQuery and Import queries

 

If I use this option, what will be the result on my dataset?

 

Specifically: if I build my report in Import mode and publish it, will someone without access to this SQL database be able to access this report and see the data?


I prefer to use Import mode due to the performance issues I’ve encountered with DirectQuery mode, especially with some of the measures I have created.

 

Many thanks in advance for your help 🙂

Labels:
Message 1 of 2
103 Views
0
1 ACCEPTED SOLUTION
v-zhengdxu-msft
Community Support
Community Support

‎05-16-2024 07:06 PM

Hi @Testy 

 

it primarily affects how data is accessed and refreshed from your on-premises SQL Server data source.
SSO via Kerberos ensures that when the Power BI service refreshes the data for your report, it does so using the credentials of the user who is viewing the report. This means that data refresh operations respect the same user-level permissions as if the user were querying the SQL Server directly. For Import mode, this is relevant during the data refresh process, not when viewing the report since the data is already imported into Power BI.

Once the data is imported into Power BI, the report's data is static until the next refresh. Anyone with access to the report in Power BI can see the data that was imported during the last refresh, regardless of their access to the underlying SQL Server database. The security model within Power BI (such as row-level security) would then apply to manage who can see what within Power BI.

It's important to note that while SSO via Kerberos can help ensure that only authorized data is imported during refreshes, once data is imported into Power BI, you'll need to manage access to that data within Power BI itself. This includes configuring who has access to the report and potentially using features like row-level security within Power BI to further restrict data visibility.

 

It's worth mentioning that using Import mode can provide a better performance experience for report viewers since the data is already loaded into Power BI. However, it's crucial to ensure that your data refresh strategy keeps the data up to date as needed.

 

Here for your reference:

Configure Kerberos-based SSO from Power BI service to on-premises data sources - Power BI | Microsof...

Announcing Single Sign-On Support when connecting to data sources from the Power BI Service | Micros...

Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn

 

Best Regards

Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 2
67 Views
0
1 REPLY 1
v-zhengdxu-msft
Community Support
Community Support

‎05-16-2024 07:06 PM

Hi @Testy 

 

it primarily affects how data is accessed and refreshed from your on-premises SQL Server data source.
SSO via Kerberos ensures that when the Power BI service refreshes the data for your report, it does so using the credentials of the user who is viewing the report. This means that data refresh operations respect the same user-level permissions as if the user were querying the SQL Server directly. For Import mode, this is relevant during the data refresh process, not when viewing the report since the data is already imported into Power BI.

Once the data is imported into Power BI, the report's data is static until the next refresh. Anyone with access to the report in Power BI can see the data that was imported during the last refresh, regardless of their access to the underlying SQL Server database. The security model within Power BI (such as row-level security) would then apply to manage who can see what within Power BI.

It's important to note that while SSO via Kerberos can help ensure that only authorized data is imported during refreshes, once data is imported into Power BI, you'll need to manage access to that data within Power BI itself. This includes configuring who has access to the report and potentially using features like row-level security within Power BI to further restrict data visibility.

 

It's worth mentioning that using Import mode can provide a better performance experience for report viewers since the data is already loaded into Power BI. However, it's crucial to ensure that your data refresh strategy keeps the data up to date as needed.

 

Here for your reference:

Configure Kerberos-based SSO from Power BI service to on-premises data sources - Power BI | Microsof...

Announcing Single Sign-On Support when connecting to data sources from the Power BI Service | Micros...

Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn

 

Best Regards

Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 2
68 Views
0

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

View All
Top Solution Authors
View All