Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
TUNINH
Regular Visitor

Direct Query and Row Level Security - Do Viewers need to have read access to SQL Server database?

‎03-20-2022 06:21 PM

Hello all,

I have a question regarding the viewer authentication in PowerBI report using DirectQuery and having Row Level Security applied when it's published in a PowerBI Workspace/PowerBI Service.

I am trying to create a PowerBI report using Direct Query storage mode, with RLS applied using USERPRINCIPALNAME() in a dimension table to filter the data in fact tables related to viewers, and there is an enterprise power bi data gateway with a service account authenticated to SQL Server database.


So in this case, I wonder whether all viewers are required to have read access to the SQL Server database, so they can see the report with filtered underlying data on PowerBI workspace or not. Or the SQL Server database will use the authenticated service account from the Enterprise Data gateway to run the queries and return the filtered data of the viewer?

 

Because the data in SQL Server database is restricted to give read permission to many users, I wonder if there are any solutions that allow viewers (who don't have the permission to SQL Server database but have the view permission to PowerBI Workspace) to view the PowerBI report with filtered underlying data.

Many thanks.

Message 1 of 3
691 Views
0
1 ACCEPTED SOLUTION
d_gosbell
Super User
Super User

‎03-21-2022 02:31 PM

It depends on how you have configured the credentials for the connection in your tabular model. If the connection is using the fixed account or impersonate service account options the that account will be used to execute the SQL queries. Your RLS restrictions will work fine with either of these options as the RLS filters are effectively translated into extra conditions on the WHERE clause for the SQL queries that are generated

View solution in original post

Message 2 of 3
593 Views
0
2 REPLIES 2
TUNINH
Regular Visitor

‎03-21-2022 03:28 PM

Thanks for your confirmation. 

Message 3 of 3
582 Views
0
d_gosbell
Super User
Super User

‎03-21-2022 02:31 PM

It depends on how you have configured the credentials for the connection in your tabular model. If the connection is using the fixed account or impersonate service account options the that account will be used to execute the SQL queries. Your RLS restrictions will work fine with either of these options as the RLS filters are effectively translated into extra conditions on the WHERE clause for the SQL queries that are generated

Message 2 of 3
594 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All