Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
jn_masteruser
Regular Visitor

Connecting One Gateway with Multiple Domains

We currently have one domain (Domain1) that hosts three different entities.  We currently have an on premise data gateway set up on the server that hosts our data warehouse.  The on premise data gateway is connected to Domain1 Account.  We pull all about 30 views from the data warehouse through dataflows.  Each View has data for all three entities which we then filter on a specific entity in each Power BI Report.  

 

We are planning to move each entity into it's own domain.  We would go from just Domain1 to Domain1, Domain2, and Domain3.  Is there a way to connect all three domains to the same gateway or same dataflow therefore we don't have to query the Data Warehouse 3x for the same view.  Would we have to create Domain2 & Domain3 as guest users to Domain1 account?

1 ACCEPTED SOLUTION
Poojara_D12
Solution Sage
Solution Sage

Hi @jn_masteruser ,

 

In this scenario, where you’ll have multiple domains (Domain1, Domain2, and Domain3) and still want to use a single on-premises data gateway connected to Domain1’s data warehouse, you can achieve this by leveraging guest access and role-based permissions in Power BI. Here’s how you can proceed:

Step-by-Step Solution:

  1. Set Up Guest Access:

    • Add users from Domain2 and Domain3 as guest users in Domain1’s Azure Active Directory (AAD). This allows them to authenticate within Domain1 and access resources under Domain1, including Power BI workspaces and dataflows.
    • In Azure AD, go to Azure Active Directory > Users > New guest user and add the users from Domain2 and Domain3.
  2. Configure Permissions on the Gateway:

    • In the Power BI Service, navigate to Manage Gateways and select your on-premises data gateway.
    • Under Users, add the guest users from Domain2 and Domain3, granting them access to the gateway. This step allows these guest users to connect to the data warehouse on Domain1 through the same on-premises gateway.
  3. Set Up Role-Based Row-Level Security (RLS):

    • To ensure that each entity can only access its own data, implement Row-Level Security (RLS) in your Power BI datasets. Use roles and security filters to restrict access to each entity’s data. This way, you’ll be able to use a single dataset and dataflow without re-querying the data warehouse multiple times.
    • In Power BI Desktop, go to Modeling > Manage Roles, and create roles based on the Entity column or a similar column that differentiates entities. Set up security rules so that each user can only view data associated with their entity.
  4. Use the Same Dataflow for All Domains:

    • Since the data is filtered by entity within each Power BI report, you can continue using the same dataflow to pull data from the data warehouse. This means you won’t need to query the data warehouse multiple times.
    • With RLS in place, each Power BI report will dynamically filter the data based on the user’s domain and role, ensuring that each domain can only view its respective data.
  5. Testing and Verification:

    • After setting up the guest users, RLS, and permissions, test the setup by logging in as users from each domain to verify that they can access the gateway, connect to the data, and view only their respective entity’s data.

Key Considerations

  • Data Refresh: Dataflows will only need to refresh once, as they contain the combined data for all three entities. When the data is loaded into Power BI reports, RLS will filter data on a per-user basis.
  • Performance and Efficiency: This setup optimizes performance since the data warehouse is queried only once per dataflow refresh rather than three times (once for each entity).

This approach should allow you to centralize data access with minimal adjustments to your current Power BI and gateway setup, even as you expand to multiple domains.

 

Did I answer your question? Mark my post as a solution, this will help others!

If my response(s) assisted you in any way, don't forget to drop me a "Kudos" 🙂

Kind Regards,
Poojara
Data Analyst | MSBI Developer | Power BI Consultant

View solution in original post

2 REPLIES 2
Poojara_D12
Solution Sage
Solution Sage

Hi @jn_masteruser ,

 

In this scenario, where you’ll have multiple domains (Domain1, Domain2, and Domain3) and still want to use a single on-premises data gateway connected to Domain1’s data warehouse, you can achieve this by leveraging guest access and role-based permissions in Power BI. Here’s how you can proceed:

Step-by-Step Solution:

  1. Set Up Guest Access:

    • Add users from Domain2 and Domain3 as guest users in Domain1’s Azure Active Directory (AAD). This allows them to authenticate within Domain1 and access resources under Domain1, including Power BI workspaces and dataflows.
    • In Azure AD, go to Azure Active Directory > Users > New guest user and add the users from Domain2 and Domain3.
  2. Configure Permissions on the Gateway:

    • In the Power BI Service, navigate to Manage Gateways and select your on-premises data gateway.
    • Under Users, add the guest users from Domain2 and Domain3, granting them access to the gateway. This step allows these guest users to connect to the data warehouse on Domain1 through the same on-premises gateway.
  3. Set Up Role-Based Row-Level Security (RLS):

    • To ensure that each entity can only access its own data, implement Row-Level Security (RLS) in your Power BI datasets. Use roles and security filters to restrict access to each entity’s data. This way, you’ll be able to use a single dataset and dataflow without re-querying the data warehouse multiple times.
    • In Power BI Desktop, go to Modeling > Manage Roles, and create roles based on the Entity column or a similar column that differentiates entities. Set up security rules so that each user can only view data associated with their entity.
  4. Use the Same Dataflow for All Domains:

    • Since the data is filtered by entity within each Power BI report, you can continue using the same dataflow to pull data from the data warehouse. This means you won’t need to query the data warehouse multiple times.
    • With RLS in place, each Power BI report will dynamically filter the data based on the user’s domain and role, ensuring that each domain can only view its respective data.
  5. Testing and Verification:

    • After setting up the guest users, RLS, and permissions, test the setup by logging in as users from each domain to verify that they can access the gateway, connect to the data, and view only their respective entity’s data.

Key Considerations

  • Data Refresh: Dataflows will only need to refresh once, as they contain the combined data for all three entities. When the data is loaded into Power BI reports, RLS will filter data on a per-user basis.
  • Performance and Efficiency: This setup optimizes performance since the data warehouse is queried only once per dataflow refresh rather than three times (once for each entity).

This approach should allow you to centralize data access with minimal adjustments to your current Power BI and gateway setup, even as you expand to multiple domains.

 

Did I answer your question? Mark my post as a solution, this will help others!

If my response(s) assisted you in any way, don't forget to drop me a "Kudos" 🙂

Kind Regards,
Poojara
Data Analyst | MSBI Developer | Power BI Consultant

lbendlin
Super User
Super User

 Is there a way to connect all three domains to the same gateway 

No, there is not.  A gateway is limited to the confines of the tenant ID.

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.