cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
trt18-sistemas
Advocate II
Advocate II

Why Power BI Gateway is using my admin user?

‎01-19-2023 04:53 AM

Power BI Gateway  is using my personal admin user to access  20.150.111.36, as can be seen at image bellow.

powerbigateway-usingadminuser.png

 

Security team would like to know why is it happening, as:

 

a) my admin user was not used to install gateway;

b) gateway is install in a separeted server; created exclusively to host Power BI gateway;

 

So, our doubt are:
1) how Power BI got my admin user credentials?

2) why gateway is using my admin user?

3) is it possible to set a different user at gateway so it could use only this user? 

Message 1 of 3
259 Views
0
1 ACCEPTED SOLUTION
trt18-sistemas
Advocate II
Advocate II
In response to v-yueyunzh-msft

‎01-23-2023 04:19 AM

Hi @v-yueyunzh-msft ,

Thanks for your reply.

After your reply, BI and Information Security team made a meet where we ran several tests which I summary bellow:

 

- we checked that Power BI Gateway Service was configured to run with its specific user (by the time we installed Power BI Gateway, it was created a specific local user for this service); 

- we stopped Power BI Gateway Service and Firewall continued to register traffic, but this time the log was in name of the person who was logged on Windows Server;

- we deleted my profile from Windows Server and forced a data load at Power BI Gateway. As result Firewall registered  the user that was logged on Windows Server;

- after all tests I logged in again on Windows Server to check if Power BI Gateway Service was running. After that Firewal started to assign to me all traffic coming from that server.

 

So we concluded that, despite Power BI Gateway Service is set to run using its specific user, Windows Server assing any network traffic to the last user logged in. Firewall only "sees" and log what Windows Server is doing.

Thanks for your reply

Regards.  

View solution in original post

Message 3 of 3
159 Views
0
2 REPLIES 2
v-yueyunzh-msft
Community Support
Community Support

‎01-19-2023 05:43 PM

Hi, @trt18-sistemas 

In response to your case problem description and the provision of your three consulting questions, here are some answers based on my understanding.

1) how Power BI got my admin user credentials?

 

I think that the data refresh used by Power BI to the local gateway will not directly get the admin user credentials, which should be the request made when the dataset configured by your gateway is being refreshed, and your admin user credentials are entered as credentials when configuring the gateway data source, which will cause your gateway to send a request to 20.150.111.36 with this credential.

 

2) why gateway is using my admin user?

 

As I mentioned in the first point, as a supplement, you can check the official documentation for the permission definition of the Admin user role of the Power BI local gateway:

Admin: An admin can manage and update the on-premises data gateway. An admin is allowed to create connections (data sources) on the gateway. An admin is allowed to manage (add/delete) users with admin, connection creator, and connection creator with sharing roles on the gateway. An admin can also manage access to all connections created on the gateway.

Additional gateway security roles for Power BI | Microsoft Power BI Blog | Microsoft Power BI

 

3) is it possible to set a different user at gateway so it could use only this user? 

 

As I said in the first point, the credentials for the gateway to access the data source are entered as credentials when the gateway data source is configured, and are not related to the credentials of the gateway's admin role or any other defined credentials.

 

Thank you for your time and sharing, and thank you for your support and understanding of PowerBI! 

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

Message 2 of 3
199 Views
0
trt18-sistemas
Advocate II
Advocate II
In response to v-yueyunzh-msft

‎01-23-2023 04:19 AM

Hi @v-yueyunzh-msft ,

Thanks for your reply.

After your reply, BI and Information Security team made a meet where we ran several tests which I summary bellow:

 

- we checked that Power BI Gateway Service was configured to run with its specific user (by the time we installed Power BI Gateway, it was created a specific local user for this service); 

- we stopped Power BI Gateway Service and Firewall continued to register traffic, but this time the log was in name of the person who was logged on Windows Server;

- we deleted my profile from Windows Server and forced a data load at Power BI Gateway. As result Firewall registered  the user that was logged on Windows Server;

- after all tests I logged in again on Windows Server to check if Power BI Gateway Service was running. After that Firewal started to assign to me all traffic coming from that server.

 

So we concluded that, despite Power BI Gateway Service is set to run using its specific user, Windows Server assing any network traffic to the last user logged in. Firewall only "sees" and log what Windows Server is doing.

Thanks for your reply

Regards.  

Message 3 of 3
160 Views
0

Helpful resources

Announcements
Join Arun Ulag at MPPC23

Join Arun Ulag at MPPC23

Get a sneak peek into this year's Power Platform Conference Keynote.

PBI Sept Update Carousel

Power BI September 2023 Update

Take a look at the September 2023 Power BI update to learn more.

Learn Live

Learn Live: Event Series

Join Microsoft Reactor and learn from developers.

Dashboard in a day with date

Exclusive opportunity for Women!

Join us for a free, hands-on Microsoft workshop led by women trainers for women where you will learn how to build a Dashboard in a Day!

View All
Top Solution Authors
View All
Top Kudoed Authors
View All