Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

To celebrate FabCon Vienna, we are offering 50% off select exams. Ends October 3rd. Request your discount now.

Reply
alfBI
Helper V
Helper V

PBI Gateway: Best practices to manage gateway connections

‎07-26-2022 04:09 AM

Dear colleagues,

 

Imagine an scenario where a user (e.g: UserHR) publishes a PBI desktop file on the service. The dataset does contain several on-premises sources so the gateway connection has to be properly setup in order to schedule it refresh. Once published the dataset is owned by UserHR by default.

 

alfBI_1-1658833014217.png

 

 

On the other hand, the on-premise gateway is already installed and the datasources required by the aforementioned dataset has been already created by the userIT (with admin permission on the gateway)

 

alfBI_2-1658833033789.png

 

 

With regards the existing data sources defined on the gateway,  both user accounts (userHR & userIT) are defined as User 

 

alfBI_3-1658833057873.png

 

 

At that point we foresee at least 2 ways to handle the configuration of the gateway connections:

 

Scenario 1: IT Centralized-Governance: Once published the userIT takes ownership of the dataset and because he is Gateway admin he might configure the gateway connection by maping the on-premise datasources with the corresponding datasources created on the gateway. User1 will be able to consume the content as he has rights over the gatway connection

 

Scenario 2: De-centralized. UserHR  remains as owner of the dataset and he would configure the gateway connection on its own.

 

Question (that raised this post) is:

 

which permissions will userHR need? The minimal one seems to be the one named "Connection Creator" but this one would allow him to create additional sources on the gateway. We would aim that userHR was able to map dataset on-premise datasources with existing gateway data source entries, but not to create new ones (in few weeks we would end with dozens of data sources created by the end users.....). Is that feasible?

 

Any suggestion about the best practice to be followed to handle setup of gateway connections and gateway roles will be more than welcome. Main question behind is: how to achieve a non-dependency of IT for the task withoout put in risk the "integrity" of the data sources existing on the gateway (that should be only managed by IT)

 

Thanks,

Alfons

 

Regards,

Labels:
Message 1 of 5
1,515 Views
0
4 REPLIES 4
mhaindl
Frequent Visitor

‎07-29-2022 01:42 AM

This is utterly broken. We aim for a similar solution as alfBI. userHR should be able to update or change its gateway connection without adding new connections to the gateway. It literally says so in the "manage users" tab: "Allows the userto use the data source, manage data sourceconfigurations and credentials."

The fact, that you also need userHR to be connection creator is a broken logic. 
You should be able to manage ALL gateway connections and create new connections on the gateway: be admin
You should be able to manage YOUR gateway connection and create new connections on the gateway: be connection creater and owner
You should be able to manage YOUR gateway connection but can't create new connecitons: be owner
None of the above but can use connection: be user

I'm fairly upset that this feature sounds so promising and is so critically broken at the same time.

Message 5 of 5
1,435 Views
0
arvindsingh802
Super User
Super User

‎07-27-2022 02:26 AM

Best practice is
1. Developemnt team will be owner of the dataset and will reach to IT team for any addition/updation of datasource

2. IT team will be the Admin of gateway/s and will be creating datasource as per request and give the requestor "User access" for requested data source


If this post helps, then please consider Accept it as the solution, Appreciate your Kudos!!
Proud to be a Super User!!
Message 2 of 5
1,467 Views
0
alfBI
Helper V
Helper V
In response to arvindsingh802

‎07-27-2022 08:44 AM

So, in your described scenario the developer team will be able to map the data source identified in the dataset with the gateway datasource without requiring additional right?

Message 3 of 5
1,455 Views
0
arvindsingh802
Super User
Super User
In response to alfBI

‎07-28-2022 02:04 AM

Yes, If the data source is already added in gateway by IT team and Dev team have user access to that data sources

arvindsingh802_0-1658998980177.png

In above senario Developer (User CA) has user access so he/she will be able to map this data source without any additional rights

 

If there is a new data source, they will reach out to IT team and request to get that added and also get user access to that data source


If this post helps, then please consider Accept it as the solution, Appreciate your Kudos!!
Proud to be a Super User!!
Message 4 of 5
1,445 Views
0

Helpful resources

Announcements
September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All