Reply
Frequent Visitor
Posts: 4
Registered: ‎04-04-2018

Sharing dashboard subsequently shares developer's SQL credentials

I am trying to determine if sharing a dashboard to an internal user via power bi service automatically shares the dashboard developer's database credentials. I work for a company that has a few government contracts and therefore is required to follow NIST regulations. I recently created a dashboard and was told by a member of our IT department that I could not share it to another user because they thought that power bi had the security flaw where whoever I shared it with would recieve my SQL credentials. I researched this, but have not been able to find anything referencing this supposed security flaw, except for one post from 2015 (below) that mentioned this security issue if you use the SSAS connector, which I didn't because I imported the data and setup a gateway to refresh. (https://community.powerbi.com/t5/Integrations-with-Files-and/Sharing-dashboards-security-issue/td-p/...)

 

Does anyone know if this is an actual security issue, and if so whether it has been fixed or any possible ways to work around it?

 

Thanks for the help!!

Highlighted
Frequent Visitor
Posts: 4
Registered: ‎04-04-2018

Sharing dashboard subsequently shares developer's SQL credentials security issue

I am trying to determine if sharing a dashboard to an internal user via power bi service automatically shares the dashboard developer's database credentials. I work for a company that has a few government contracts and therefore is required to follow NIST regulations. I recently created a dashboard and was told by a member of our IT department that I could not share it to another user because they thought that power bi had the security flaw where whoever I shared it with would recieve my SQL credentials. I researched this, but have not been able to find anything referencing this supposed security flaw, except for one post from 2015 (below) that mentioned this security issue if you use the SSAS connector, which I didn't because I imported the data and setup a gateway to refresh. (https://community.powerbi.com/t5/Integrations-with-Files-and/Sharing-dashboards-security-issue/td-p/...)

 

Does anyone know if this is an actual security issue, and if so whether it has been fixed or any possible ways to work around it?

 

Thanks for the help!!

Member
Posts: 120
Registered: ‎01-31-2018

Re: Sharing dashboard subsequently shares developer's SQL credentials security issue

Hi @johank30,

 

If you are using SSAS and RLS as your data source then the appropriate RLS should be applied for each using access the dashboard.

 

However, if you are using another type of datasource in your dashboard the data will be refresh according to the data set roles are setup in the Power BI file. Therefere, a SQL database will show data per the user account used on the setup of the report. The work around is to setup RLS inside the data model in Power BI.

 

Hope this makes sense. See the details below:

 

Power BI RLS: https://docs.microsoft.com/en-us/power-bi/service-admin-rls

SSAS RLS: https://docs.microsoft.com/en-us/power-bi/desktop-tutorial-row-level-security-onprem-ssas-tabular

 

 

Frequent Visitor
Posts: 4
Registered: ‎04-04-2018

Re: Sharing dashboard subsequently shares developer's SQL credentials security issue

Okay thanks for the help. I have applied RLS and am not using SSAS.. I can't find any security issues with the Power BI file but am up against an IT department that is not much help because they have their own BI solution that they want to implement... sigh..

 

 

Super User
Posts: 2,446
Registered: ‎06-24-2015

Re: Sharing dashboard subsequently shares developer's SQL credentials security issue

Hi there when you share a dashboard or report it is in read-only mode. Which means that the user with whom it is shared cannot gain access to anything besides what is shown on screen. This includes the SQL Connection in which if you are using SQL Authentication, the password is encrypted and even the connection to the particular SQL Server.

I have not had any issues or questions around the security when sharing a Power BI Dashboard, report or App