Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
nivasnalla
Frequent Visitor

Direct query with dynamic row level security authentication

‎09-15-2018 04:51 PM

Hello, 

 

I am trying to figure out how the authentication mechanism work with direct query from the service to data gateway and to the  SQL Server. I know how the AS Live connection authentication work and I am curious on how the current logged user in the service gets access to the SQL server to run the query against the SQL database.  Does the direct query run under the account setup for the data source on the service ? Or it runs on the actually logged user on the service just like the AS live connection ? Also when we are filtering out the rows based on the function UserPrincipalName(). Does the rows get filtered on the SQL Server or on the service?

Message 1 of 6
712 Views
1 ACCEPTED SOLUTION
v-jiascu-msft
Employee
Employee

‎09-17-2018 01:59 AM

Hi @nivasnalla,

 

You can try a software like SQL Server Profiler then you will see it clearly what happens in the Server side. Please refer to the snapshot below. I defined a role [Color] = "Blue". 

Direct_query_with_dynamic_row_level_security_authentication

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 6
721 Views
5 REPLIES 5
v-jiascu-msft
Employee
Employee

‎09-17-2018 01:59 AM

Hi @nivasnalla,

 

You can try a software like SQL Server Profiler then you will see it clearly what happens in the Server side. Please refer to the snapshot below. I defined a role [Color] = "Blue". 

Direct_query_with_dynamic_row_level_security_authentication

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 4 of 6
722 Views
nivasnalla
Frequent Visitor
In response to v-jiascu-msft

‎09-17-2018 01:00 PM

Yep, that is right. I ran the SQL Profiler and I was able to see the actual filter defined at roles passed  to the  SQL Server and filtered the rows at SQL itself and not at the  PowerBI service for "Direct Query". I was previously thinking that the service would load all the data into the model first and filter gets applied at the service. 

 

I have noticed one more thing, when I am applying the row level security, if I make changes to the underlying data when I try to refresh the report for the first time, it istaking a while to load the data and any subsequent changes made to the data, report reflects almost instantly.  Is it because of browser cache or something?

Message 5 of 6
684 Views
0
v-jiascu-msft
Employee
Employee
In response to nivasnalla

‎09-17-2018 06:13 PM

Hi @nivasnalla,

 

It's hard for me to find out what exactly happens. But I think it's cache. The Direct Query mode doesn't store any data. It caches some data in order to enhance the performance. So it could take a while to modify the cache while the underlying data changes. 

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 6 of 6
666 Views
0
Anonymous
Not applicable

‎09-16-2018 06:12 PM

When you set up your gateway you will select what User/Pass is sent from the Gateway to the source in order to provide authentication and grab the required data.

 

Row Level Security is handled by Power BI itself, thus you will grab all of the necessary data from the source and Power BI itself will apply the filtering to ensure the user only sees whatever is set up in the Roles they have been assigned inside the Power BI model. 

Message 2 of 6
693 Views
nivasnalla
Frequent Visitor
In response to Anonymous

‎09-17-2018 01:02 PM

@Anonymous: Above explanation for Row level security is true for Import Query and not for Direct Query.

Message 3 of 6
683 Views
0

Helpful resources

Announcements
LearnSurvey

Fabric certifications survey

Certification feedback opportunity for the community.

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All