Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
I beleive there is a way to replace the credential being used by a Data Source on a gateway, but I haven't dug into doing that yet..
At the moment, I would just like to be able to ask a Data Source what Username it is using to authenticate to the actual database.
I prefer to do most things via PowerShell, but can grumpily use other methods if I need to.
Using Get-DataGatewayDatasource, I can get these properties, but Credentials is always NULL:
CredentialType
EncryptedConnection
PrivacyLevel
EncryptionAlgorithm
Credentials
UseCallerAADIdentity
UseEndUserOAuth2Credentials
UseCustomOAuthApp
SkipTestConnection
IsCredentialEncrypted
I can undersatnd if this is not possible to do, because it would seem like a potential information leak if it was possible, but I haven't been able to find anything confirming that it is not possible to ever see the username after it has been entered.
@JMLyle There is no way to get the credentials used to create the gateway connection. There is an idea raised for this and all votes help.
https://ideas.fabric.microsoft.com/ideas/idea/?ideaid=465aea7f-b208-494b-8155-26faeaa21af7
Here is teh technote on teh encryption.
https://learn.microsoft.com/en-us/power-bi/connect-data/service-gateway-data-sources#store-encrypted...
You can use the Power BI Rest API to update the credentials using PowerShell:
Gateways - Update Datasource
https://learn.microsoft.com/en-us/rest/api/power-bi/gateways/update-datasource
Hi,
As far as I know:
You are not supposed to provide gateway access to everyone. You should provide access to the connections. Your password won't be exposed to anyone once the connection is created, and most data sources will lock your account on the database if you enter the wrong password more than three times.So,the rest API command will work only if they have access to that gateway connection.
Right, we typically provide gateway acces to no one, but add people as user of specific Data Sources that they need.
My struggle is that security would like to do a review of what a Data Source provides someone with access to. As a Gateway admin I can easily determine the connection details, but then the DBA would like to know what account is being used to access the database so that they can provide details about what data/tables/etc it is able to access.
A prompt would be handy though, perhaps the first or last character exposed. There can be so many systems/usernames in a large org and when a connection goes offline, it would be handy to have a hint at least which username was used. Alternatively, you can keep a list of usernames used for what connection, but that really defeats the purpose of security right?
Hi @JMLyle
As far as I am aware, that is bad is on because even knowing the username can often be a risk.
Yeah, agreed, it probably shouldn't be possible, but it sure would help me do a few things if it was possible.
I imagine that someone here either has been able to do it, or can point to a place where Microsoft says that you can't.
Check out the September 2024 Power BI update to learn about new features.
Learn from experts, get hands-on experience, and win awesome prizes.