Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
Anonymous
Not applicable

Direct Query and Row Level Security - Do Viewers need to have read access to SQL Server database?

‎03-20-2022 06:21 PM

Hello all,

I have a question regarding the viewer authentication in PowerBI report using DirectQuery and having Row Level Security applied when it's published in a PowerBI Workspace/PowerBI Service.

I am trying to create a PowerBI report using Direct Query storage mode, with RLS applied using USERPRINCIPALNAME() in a dimension table to filter the data in fact tables related to viewers, and there is an enterprise power bi data gateway with a service account authenticated to SQL Server database.


So in this case, I wonder whether all viewers are required to have read access to the SQL Server database, so they can see the report with filtered underlying data on PowerBI workspace or not. Or the SQL Server database will use the authenticated service account from the Enterprise Data gateway to run the queries and return the filtered data of the viewer?

 

Because the data in SQL Server database is restricted to give read permission to many users, I wonder if there are any solutions that allow viewers (who don't have the permission to SQL Server database but have the view permission to PowerBI Workspace) to view the PowerBI report with filtered underlying data.

Many thanks.

Message 1 of 3
787 Views
0
1 ACCEPTED SOLUTION
d_gosbell
Super User
Super User

‎03-21-2022 02:31 PM

It depends on how you have configured the credentials for the connection in your tabular model. If the connection is using the fixed account or impersonate service account options the that account will be used to execute the SQL queries. Your RLS restrictions will work fine with either of these options as the RLS filters are effectively translated into extra conditions on the WHERE clause for the SQL queries that are generated

View solution in original post

Message 2 of 3
689 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎03-21-2022 03:28 PM

Thanks for your confirmation. 

Message 3 of 3
678 Views
0
d_gosbell
Super User
Super User

‎03-21-2022 02:31 PM

It depends on how you have configured the credentials for the connection in your tabular model. If the connection is using the fixed account or impersonate service account options the that account will be used to execute the SQL queries. Your RLS restrictions will work fine with either of these options as the RLS filters are effectively translated into extra conditions on the WHERE clause for the SQL queries that are generated

Message 2 of 3
690 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All