Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
TUNINH
Regular Visitor

Direct Query and Row Level Security - Do Viewers need to have read access to SQL Server database?

‎03-20-2022 06:21 PM

Hello all,

I have a question regarding the viewer authentication in PowerBI report using DirectQuery and having Row Level Security applied when it's published in a PowerBI Workspace/PowerBI Service.

I am trying to create a PowerBI report using Direct Query storage mode, with RLS applied using USERPRINCIPALNAME() in a dimension table to filter the data in fact tables related to viewers, and there is an enterprise power bi data gateway with a service account authenticated to SQL Server database.


So in this case, I wonder whether all viewers are required to have read access to the SQL Server database, so they can see the report with filtered underlying data on PowerBI workspace or not. Or the SQL Server database will use the authenticated service account from the Enterprise Data gateway to run the queries and return the filtered data of the viewer?

 

Because the data in SQL Server database is restricted to give read permission to many users, I wonder if there are any solutions that allow viewers (who don't have the permission to SQL Server database but have the view permission to PowerBI Workspace) to view the PowerBI report with filtered underlying data.

Many thanks.

Message 1 of 3
717 Views
0
1 ACCEPTED SOLUTION
d_gosbell
Super User
Super User

‎03-21-2022 02:31 PM

It depends on how you have configured the credentials for the connection in your tabular model. If the connection is using the fixed account or impersonate service account options the that account will be used to execute the SQL queries. Your RLS restrictions will work fine with either of these options as the RLS filters are effectively translated into extra conditions on the WHERE clause for the SQL queries that are generated

View solution in original post

Message 2 of 3
619 Views
0
2 REPLIES 2
TUNINH
Regular Visitor

‎03-21-2022 03:28 PM

Thanks for your confirmation. 

Message 3 of 3
608 Views
0
d_gosbell
Super User
Super User

‎03-21-2022 02:31 PM

It depends on how you have configured the credentials for the connection in your tabular model. If the connection is using the fixed account or impersonate service account options the that account will be used to execute the SQL queries. Your RLS restrictions will work fine with either of these options as the RLS filters are effectively translated into extra conditions on the WHERE clause for the SQL queries that are generated

Message 2 of 3
620 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All