Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more.
Get startedGrow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.
Hello everyone,
I have built some reports using Import mode with SQL Server (an on-premise datasource). The data used are sensitive, and we need to ensure high security for it.
Today, I started configuring the data gateway and saw the following option:
Use SSO via Kerberos for DirectQuery and Import queries
If I use this option, what will be the result on my dataset?
Specifically: if I build my report in Import mode and publish it, will someone without access to this SQL database be able to access this report and see the data?
I prefer to use Import mode due to the performance issues I’ve encountered with DirectQuery mode, especially with some of the measures I have created.
Many thanks in advance for your help 🙂
Solved! Go to Solution.
Hi @Testy
it primarily affects how data is accessed and refreshed from your on-premises SQL Server data source.
SSO via Kerberos ensures that when the Power BI service refreshes the data for your report, it does so using the credentials of the user who is viewing the report. This means that data refresh operations respect the same user-level permissions as if the user were querying the SQL Server directly. For Import mode, this is relevant during the data refresh process, not when viewing the report since the data is already imported into Power BI.
Once the data is imported into Power BI, the report's data is static until the next refresh. Anyone with access to the report in Power BI can see the data that was imported during the last refresh, regardless of their access to the underlying SQL Server database. The security model within Power BI (such as row-level security) would then apply to manage who can see what within Power BI.
It's important to note that while SSO via Kerberos can help ensure that only authorized data is imported during refreshes, once data is imported into Power BI, you'll need to manage access to that data within Power BI itself. This includes configuring who has access to the report and potentially using features like row-level security within Power BI to further restrict data visibility.
It's worth mentioning that using Import mode can provide a better performance experience for report viewers since the data is already loaded into Power BI. However, it's crucial to ensure that your data refresh strategy keeps the data up to date as needed.
Here for your reference:
Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn
Best Regards
Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @Testy
it primarily affects how data is accessed and refreshed from your on-premises SQL Server data source.
SSO via Kerberos ensures that when the Power BI service refreshes the data for your report, it does so using the credentials of the user who is viewing the report. This means that data refresh operations respect the same user-level permissions as if the user were querying the SQL Server directly. For Import mode, this is relevant during the data refresh process, not when viewing the report since the data is already imported into Power BI.
Once the data is imported into Power BI, the report's data is static until the next refresh. Anyone with access to the report in Power BI can see the data that was imported during the last refresh, regardless of their access to the underlying SQL Server database. The security model within Power BI (such as row-level security) would then apply to manage who can see what within Power BI.
It's important to note that while SSO via Kerberos can help ensure that only authorized data is imported during refreshes, once data is imported into Power BI, you'll need to manage access to that data within Power BI itself. This includes configuring who has access to the report and potentially using features like row-level security within Power BI to further restrict data visibility.
It's worth mentioning that using Import mode can provide a better performance experience for report viewers since the data is already loaded into Power BI. However, it's crucial to ensure that your data refresh strategy keeps the data up to date as needed.
Here for your reference:
Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn
Best Regards
Zhengdong Xu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.
User | Count |
---|---|
55 | |
39 | |
33 | |
31 | |
25 |