Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

0
bemoss

Isolate permissions

Submitted by on ‎03-20-2017 02:11 AM

We're maintaining a number of Power BI reports based on an OData service.

Different sets of credentials for the service will return data sets for different customers ("tenants").

 

The problem is that Power BI doesn't isolate the credentials (permissions) used in the respective reports.

What are the consequences of that behavior? Let me give you an example:

  1. I set up Report A with the credentials of Tenant A, and the report looks as expected
  2. I set up Report B with the credentials of Tenant B, and the report looks as expected
  3. I go back to Report A and refresh - but the report does *not* look as expected. Instead of Tenant A's data, the report is now based on Tenant B's data.

I already knew that this is the how the Desktop works. What is new to me is that the Power BI service works that way, too:
I just published Report A and Report B and set up a scheduled refresh for their respective data sets.
But after refreshing both, I discovered that Report A is now blank because it is filtered by an entity that exist in Tenant A's data - and both of the reports now use Tenant B's credentials because these are the ones I most recently entered!

 

Is there a way to isolate the permissions used for each data set that I have missed?

If the answer is no, I strongly recommend you modify Power BI (Desktop and service) to isolate the permissions used for each data source/data set.

Status: Delivered
See more ideas labeled with:
8 Comments (8 New)
Comments
v-qiuyu-msft
Community Support
Community Support
‎03-22-2017 12:13 AM

Hi @bemoss,

 

Did Report A and Report B connect to the same OData data source use the same URL and different credential? As OData requires gateway to build connection, did you use data gateway or personal gateway for the dataset? If you create two OData data source under Manage Gateways, when you configure gateway for the dataset of the Report A and Report B. Make sure corresponding gateway are checked.

 

Best Regards,
Qiuyun Yu

Vicky_Song
Impactful Individual
Impactful Individual
‎03-22-2017 12:13 AM
Status changed to: Needs Info
 
bemoss
Regular Visitor
‎03-23-2017 12:12 AM

Hi @Vicky_Song,

"Did Report A and Report B connect to the same OData data source use the same URL and different credential?"

Yes, they do.

"As OData requires gateway to build connection, did you use data gateway or personal gateway for the dataset".

Neither, to my understanding. When setting up a scheduled refresh, under Gateway connection, I selected the option Connect directly. So I obviously don't need a gateway to create a connection to this OData service.

bemoss
Regular Visitor
‎03-24-2017 01:20 AM

@Vicky_Song, do you have any thoughts on this?

v-qiuyu-msft
Community Support
Community Support
‎03-24-2017 01:55 AM

Hi @bemoss,

 

For this issue, I would suggest you create a support ticket at the end of this site to get dedicated support.

 

Best Regards,
Qiuyun Yu

Vicky_Song
Impactful Individual
Impactful Individual
‎03-24-2017 01:57 AM
Status changed to: Delivered
 
bemoss
Regular Visitor
‎04-28-2017 12:26 AM

I did raise a support request and eventually got the following answer:

 

"I made a research and I found that in Desktop and Web, the credentials are looked up by the part of the URL. There’s a central credential store (by user, by computer), so even having them in two different PBIX files wouldn’t work.
Unfortunately, there’s no workaround available, but is in our developer attention and we will provide a solution in the updates that will come."

 

That's a pretty clear explanation. I assume a general solution to this issue must be increasingly relevant since OData and other services are used by a growing number of applications.

Anonymous
Not applicable
‎11-21-2018 12:05 AM

Hi Vicky Song,

 

You marked this as delivered but I am still finding that this is an issue. Can you please inform me of how I can fix this issue?

 

Thanks,

 

Fraser

Idea Statuses