Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
mmace1
Impactful Individual
Impactful Individual

Safe for Data Gateway Connection to have a service account with access to all?

‎07-31-2023 08:33 AM

e.g.

  • Database has 50 tables
  • Jake & Jill have read access to 20 of the database tables
  • I provide a Data Connection for Jake & Jill to use, for Gateway refreshes. The credentials I used (service account) have read access to all 50 tables

Is that safe, or does it provide a way for Jake & Jill to connect to the all 50 tables, instead of the 20 their own credentials provide read access to?

Labels:
Message 1 of 3
329 Views
0
1 ACCEPTED SOLUTION
collinq
Super User
Super User

‎07-31-2023 02:08 PM

HI @mmace1 ,

 

There are really a few levels of permissions here.  If you have a Service Account in the gateway with read access to all 50, that is the standard method.  

 

Now, if you are giving database access to Jack and Jill then I am not positive how you are limiting them to only 20 of the tables - without using the database permission settings.  But, if you give them the rights to use the Gateway with all 50 tables, then you are giving them all 50 tables.

 

The common method to deal with this is to create a DataSource (or DataSources) that connect to the 20.  Really, the most effective way is to create 20 DataSources.  Then you give Jack and Jill permissions to the DataSource(s).  If you give them access directly to the Gateway to use the gateway then they can get to all 50 tables.

 

This allows you to add people at any time and they can only use the Data Source(s) that you want them to but the Gateway still can access all 50.  Each Data Source is setup to use the Gateway and it is the Gateway's permissions to hit the 50.  But, each Data Source can only hit 1 of your tables.  As you give the permissions to each person to use the Data Source they then have the ability to hit that table.




Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.




View solution in original post

Message 2 of 3
303 Views
2 REPLIES 2
collinq
Super User
Super User

‎07-31-2023 02:08 PM

HI @mmace1 ,

 

There are really a few levels of permissions here.  If you have a Service Account in the gateway with read access to all 50, that is the standard method.  

 

Now, if you are giving database access to Jack and Jill then I am not positive how you are limiting them to only 20 of the tables - without using the database permission settings.  But, if you give them the rights to use the Gateway with all 50 tables, then you are giving them all 50 tables.

 

The common method to deal with this is to create a DataSource (or DataSources) that connect to the 20.  Really, the most effective way is to create 20 DataSources.  Then you give Jack and Jill permissions to the DataSource(s).  If you give them access directly to the Gateway to use the gateway then they can get to all 50 tables.

 

This allows you to add people at any time and they can only use the Data Source(s) that you want them to but the Gateway still can access all 50.  Each Data Source is setup to use the Gateway and it is the Gateway's permissions to hit the 50.  But, each Data Source can only hit 1 of your tables.  As you give the permissions to each person to use the Data Source they then have the ability to hit that table.




Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.




Message 2 of 3
304 Views
mmace1
Impactful Individual
Impactful Individual
In response to collinq

‎08-01-2023 08:21 AM

Thanks!

Yes, their access is limited at the database level, which I also have control of. 

Gotcha, have one connection per table. 

Our access model is simple - some folks get no access, some get read access to 'non-sensitive' tables, and some get read access to everything. 

At that point, rather than have 50 seperate connections, I'd rather just create either a 2nd service account that also has the 'access to 'non sensitive' tables, or - just let the users make / share their own data source. 

 

Message 3 of 3
288 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All