Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
trt18-sistemas
Advocate III
Advocate III

Why Power BI Gateway is using my admin user?

Power BI Gateway  is using my personal admin user to access  20.150.111.36, as can be seen at image bellow.

powerbigateway-usingadminuser.png

 

Security team would like to know why is it happening, as:

 

a) my admin user was not used to install gateway;

b) gateway is install in a separeted server; created exclusively to host Power BI gateway;

 

So, our doubt are:
1) how Power BI got my admin user credentials?

2) why gateway is using my admin user?

3) is it possible to set a different user at gateway so it could use only this user? 

1 ACCEPTED SOLUTION

Hi @v-yueyunzh-msft ,

Thanks for your reply.

After your reply, BI and Information Security team made a meet where we ran several tests which I summary bellow:

 

- we checked that Power BI Gateway Service was configured to run with its specific user (by the time we installed Power BI Gateway, it was created a specific local user for this service); 

- we stopped Power BI Gateway Service and Firewall continued to register traffic, but this time the log was in name of the person who was logged on Windows Server;

- we deleted my profile from Windows Server and forced a data load at Power BI Gateway. As result Firewall registered  the user that was logged on Windows Server;

- after all tests I logged in again on Windows Server to check if Power BI Gateway Service was running. After that Firewal started to assign to me all traffic coming from that server.

 

So we concluded that, despite Power BI Gateway Service is set to run using its specific user, Windows Server assing any network traffic to the last user logged in. Firewall only "sees" and log what Windows Server is doing.

Thanks for your reply

Regards.  

View solution in original post

2 REPLIES 2
v-yueyunzh-msft
Community Support
Community Support

Hi, @trt18-sistemas 

In response to your case problem description and the provision of your three consulting questions, here are some answers based on my understanding.

1) how Power BI got my admin user credentials?

 

I think that the data refresh used by Power BI to the local gateway will not directly get the admin user credentials, which should be the request made when the dataset configured by your gateway is being refreshed, and your admin user credentials are entered as credentials when configuring the gateway data source, which will cause your gateway to send a request to 20.150.111.36 with this credential.

 

2) why gateway is using my admin user?

 

As I mentioned in the first point, as a supplement, you can check the official documentation for the permission definition of the Admin user role of the Power BI local gateway:

Admin: An admin can manage and update the on-premises data gateway. An admin is allowed to create connections (data sources) on the gateway. An admin is allowed to manage (add/delete) users with admin, connection creator, and connection creator with sharing roles on the gateway. An admin can also manage access to all connections created on the gateway.

Additional gateway security roles for Power BI | Microsoft Power BI Blog | Microsoft Power BI

 

3) is it possible to set a different user at gateway so it could use only this user? 

 

As I said in the first point, the credentials for the gateway to access the data source are entered as credentials when the gateway data source is configured, and are not related to the credentials of the gateway's admin role or any other defined credentials.

 

Thank you for your time and sharing, and thank you for your support and understanding of PowerBI! 

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

Hi @v-yueyunzh-msft ,

Thanks for your reply.

After your reply, BI and Information Security team made a meet where we ran several tests which I summary bellow:

 

- we checked that Power BI Gateway Service was configured to run with its specific user (by the time we installed Power BI Gateway, it was created a specific local user for this service); 

- we stopped Power BI Gateway Service and Firewall continued to register traffic, but this time the log was in name of the person who was logged on Windows Server;

- we deleted my profile from Windows Server and forced a data load at Power BI Gateway. As result Firewall registered  the user that was logged on Windows Server;

- after all tests I logged in again on Windows Server to check if Power BI Gateway Service was running. After that Firewal started to assign to me all traffic coming from that server.

 

So we concluded that, despite Power BI Gateway Service is set to run using its specific user, Windows Server assing any network traffic to the last user logged in. Firewall only "sees" and log what Windows Server is doing.

Thanks for your reply

Regards.  

Helpful resources

Announcements
July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.

PBI_Carousel_NL_June

Fabric Community Update - June 2024

Get the latest Fabric updates from Build 2024, key Skills Challenge voucher deadlines, top blogs, forum posts, and product ideas.