Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI DataViz World Championships are on! With four chances to enter, you could win a spot in the LIVE Grand Finale in Las Vegas. Show off your skills.

Reply
jn_masteruser
Regular Visitor

Connecting One Gateway with Multiple Domains

‎11-06-2024 11:12 AM

We currently have one domain (Domain1) that hosts three different entities.  We currently have an on premise data gateway set up on the server that hosts our data warehouse.  The on premise data gateway is connected to Domain1 Account.  We pull all about 30 views from the data warehouse through dataflows.  Each View has data for all three entities which we then filter on a specific entity in each Power BI Report.  

 

We are planning to move each entity into it's own domain.  We would go from just Domain1 to Domain1, Domain2, and Domain3.  Is there a way to connect all three domains to the same gateway or same dataflow therefore we don't have to query the Data Warehouse 3x for the same view.  Would we have to create Domain2 & Domain3 as guest users to Domain1 account?

Labels:
Message 1 of 3
295 Views
1 ACCEPTED SOLUTION
Poojara_D12
Super User
Super User

‎11-07-2024 03:57 AM

Hi @jn_masteruser ,

 

In this scenario, where you’ll have multiple domains (Domain1, Domain2, and Domain3) and still want to use a single on-premises data gateway connected to Domain1’s data warehouse, you can achieve this by leveraging guest access and role-based permissions in Power BI. Here’s how you can proceed:

Step-by-Step Solution:

  1. Set Up Guest Access:

    • Add users from Domain2 and Domain3 as guest users in Domain1’s Azure Active Directory (AAD). This allows them to authenticate within Domain1 and access resources under Domain1, including Power BI workspaces and dataflows.
    • In Azure AD, go to Azure Active Directory > Users > New guest user and add the users from Domain2 and Domain3.

  2. Configure Permissions on the Gateway:

    • In the Power BI Service, navigate to Manage Gateways and select your on-premises data gateway.
    • Under Users, add the guest users from Domain2 and Domain3, granting them access to the gateway. This step allows these guest users to connect to the data warehouse on Domain1 through the same on-premises gateway.

  3. Set Up Role-Based Row-Level Security (RLS):

    • To ensure that each entity can only access its own data, implement Row-Level Security (RLS) in your Power BI datasets. Use roles and security filters to restrict access to each entity’s data. This way, you’ll be able to use a single dataset and dataflow without re-querying the data warehouse multiple times.
    • In Power BI Desktop, go to Modeling > Manage Roles, and create roles based on the Entity column or a similar column that differentiates entities. Set up security rules so that each user can only view data associated with their entity.

  4. Use the Same Dataflow for All Domains:

    • Since the data is filtered by entity within each Power BI report, you can continue using the same dataflow to pull data from the data warehouse. This means you won’t need to query the data warehouse multiple times.
    • With RLS in place, each Power BI report will dynamically filter the data based on the user’s domain and role, ensuring that each domain can only view its respective data.

  5. Testing and Verification:

    • After setting up the guest users, RLS, and permissions, test the setup by logging in as users from each domain to verify that they can access the gateway, connect to the data, and view only their respective entity’s data.

Key Considerations

  • Data Refresh: Dataflows will only need to refresh once, as they contain the combined data for all three entities. When the data is loaded into Power BI reports, RLS will filter data on a per-user basis.
  • Performance and Efficiency: This setup optimizes performance since the data warehouse is queried only once per dataflow refresh rather than three times (once for each entity).

This approach should allow you to centralize data access with minimal adjustments to your current Power BI and gateway setup, even as you expand to multiple domains.

 

Did I answer your question? Mark my post as a solution, this will help others!

If my response(s) assisted you in any way, don't forget to drop me a "Kudos" 🙂

Kind Regards,
Poojara
Data Analyst | MSBI Developer | Power BI Consultant

Did I answer your question? Mark my post as a solution, this will help others!
If my response(s) assisted you in any way, don't forget to drop me a "Kudos"

Kind Regards,
Poojara - Proud to be a Super User
Data Analyst | MSBI Developer | Power BI Consultant
Consider Subscribing my YouTube for Beginners/Advance Concepts: https://youtube.com/@biconcepts?si=04iw9SYI2HN80HKS

View solution in original post

Message 3 of 3
228 Views
0
2 REPLIES 2
Poojara_D12
Super User
Super User

‎11-07-2024 03:57 AM

Hi @jn_masteruser ,

 

In this scenario, where you’ll have multiple domains (Domain1, Domain2, and Domain3) and still want to use a single on-premises data gateway connected to Domain1’s data warehouse, you can achieve this by leveraging guest access and role-based permissions in Power BI. Here’s how you can proceed:

Step-by-Step Solution:

  1. Set Up Guest Access:

    • Add users from Domain2 and Domain3 as guest users in Domain1’s Azure Active Directory (AAD). This allows them to authenticate within Domain1 and access resources under Domain1, including Power BI workspaces and dataflows.
    • In Azure AD, go to Azure Active Directory > Users > New guest user and add the users from Domain2 and Domain3.

  2. Configure Permissions on the Gateway:

    • In the Power BI Service, navigate to Manage Gateways and select your on-premises data gateway.
    • Under Users, add the guest users from Domain2 and Domain3, granting them access to the gateway. This step allows these guest users to connect to the data warehouse on Domain1 through the same on-premises gateway.

  3. Set Up Role-Based Row-Level Security (RLS):

    • To ensure that each entity can only access its own data, implement Row-Level Security (RLS) in your Power BI datasets. Use roles and security filters to restrict access to each entity’s data. This way, you’ll be able to use a single dataset and dataflow without re-querying the data warehouse multiple times.
    • In Power BI Desktop, go to Modeling > Manage Roles, and create roles based on the Entity column or a similar column that differentiates entities. Set up security rules so that each user can only view data associated with their entity.

  4. Use the Same Dataflow for All Domains:

    • Since the data is filtered by entity within each Power BI report, you can continue using the same dataflow to pull data from the data warehouse. This means you won’t need to query the data warehouse multiple times.
    • With RLS in place, each Power BI report will dynamically filter the data based on the user’s domain and role, ensuring that each domain can only view its respective data.

  5. Testing and Verification:

    • After setting up the guest users, RLS, and permissions, test the setup by logging in as users from each domain to verify that they can access the gateway, connect to the data, and view only their respective entity’s data.

Key Considerations

  • Data Refresh: Dataflows will only need to refresh once, as they contain the combined data for all three entities. When the data is loaded into Power BI reports, RLS will filter data on a per-user basis.
  • Performance and Efficiency: This setup optimizes performance since the data warehouse is queried only once per dataflow refresh rather than three times (once for each entity).

This approach should allow you to centralize data access with minimal adjustments to your current Power BI and gateway setup, even as you expand to multiple domains.

 

Did I answer your question? Mark my post as a solution, this will help others!

If my response(s) assisted you in any way, don't forget to drop me a "Kudos" 🙂

Kind Regards,
Poojara
Data Analyst | MSBI Developer | Power BI Consultant

Did I answer your question? Mark my post as a solution, this will help others!
If my response(s) assisted you in any way, don't forget to drop me a "Kudos"

Kind Regards,
Poojara - Proud to be a Super User
Data Analyst | MSBI Developer | Power BI Consultant
Consider Subscribing my YouTube for Beginners/Advance Concepts: https://youtube.com/@biconcepts?si=04iw9SYI2HN80HKS
Message 3 of 3
229 Views
0
lbendlin
Super User
Super User

‎11-06-2024 12:43 PM 
 Is there a way to connect all three domains to the same gateway

No, there is not.  A gateway is limited to the confines of the tenant ID.

Message 2 of 3
258 Views

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

FebPBI_Carousel

Power BI Monthly Update - February 2025

Check out the February 2025 Power BI update to learn about new features.

Feb2025 Sticker Challenge

Join our Community Sticker Challenge 2025

If you love stickers, then you will definitely want to check out our Community Sticker Challenge!

Feb2025 NL Carousel

Fabric Community Update - February 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All