Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
We have azure synapse on the cloud assocaited with VNET. Therefore we use a data gateway in powerbi service to allow connections to the azure synapse. When an end user published a pbix file to powerbi service, they can then set the gateway connection that was created by Powerbi admin.
Should this connection be allowed to share with other end users who will need to connect to the same data source and use it as import mode?
If we share this connection to other users then, the OAUTH2 credentials in the connection are saved and will no longer depend on end users (direct query will use SSO via Azure AD but import mode will use the saved credentials in the connection).
If we don't share this connection then we can create another "duplicated" connection with different name but connects to same source and saves different OAuth2 credentials. This would mean almost every end user would need their own connections to do import mode.
What would a good best practice be for this type of configuration?
Sharing data source connections in Power BI can be a convenient way to reduce the number of data source connections that need to be created and managed. However, it also has security implications, as it allows end users to access the connection and credentials associated with it.
In your case, since you are using a data gateway to connect to Azure Synapse, you can share the gateway connection with other end users who need to connect to the same data source and use import mode. When you share the gateway connection, the OAuth2 credentials associated with it will be saved, and end users will no longer need to enter their own credentials to use the connection.
One best practice for sharing data source connections in Power BI is to limit access to the connection to only the end users who need it. You can use workspace permissions to control who has access to the shared connection, and you can also set up data source permissions to limit what end users can do with the data source.
Another best practice is to regularly review and audit the shared connections to ensure that they are still needed and that the associated credentials are up to date. You can also use Power BI audit logs to monitor activity related to shared connections.
If you don't want to share the connection with other users, you can create a duplicated connection with a different name that connects to the same data source and saves different OAuth2 credentials. This would mean that almost every end user would need their own connections to do import mode, which may be more cumbersome to manage but provides greater control over access to the data source.
Ultimately, the best approach for sharing data source connections in Power BI will depend on your specific requirements and security considerations. It's important to carefully evaluate the risks and benefits of sharing connections, and to implement appropriate security controls to protect your data and credentials.