In Microsoft’s documentation surrounding the On-Premises Data Gateway, the advice on permissions for the account used to authenticate the Data Source in the Power BI Service can be concerning for most, especially DBAs.
In the Analysis Services section of the documentation, the advice is:
The Windows account you enter must have Server Administrator permissions for the instance you are connecting to. If this account’s password is set to expire, users could get a connection error if the password isn’t updated for the data source.
Server Administrator permissions…? What happened to the principle of least-privilege?
In a practical sense, the On-Premises Data Gateway has to deal with two very different implementations of Analysis Services: Multidimensional and Tabular. Each are setup and configured differently from the other, and the nature of their security models are also different. As a one size fits all approach, it works. As we will soon see, the permissions do not have to be set as Server Admin
The SQL section of the documentation, on the other hand, doesn’t actually specify what permissions are required for the Data Source to be established in the Power BI Service.
Permissions
Exactly what permissions are required for these common data sources, I hear you ask. As data sources are established at a database level, so too are the permissions set.
| Data Source | Minimum Permissions Level |
| SQL Server Database | db_datareader |
| SSAS Tabular Database | Process database and Read |
| SSAS Multidimensional Database | Full control (Administrator) |
Principle of least-permissions is now restored.
Though there still are the curious incidents of Analysis Services data sources requiring permissions in addition to read. I am unsure, I have my suspicions, and have tried to find out. If you know, please leave a comment below!
Overview of Data Migration Assistant (DMA)
The Data Migration Assistant (DMA) helps you upgrade to a modern data platform by detecting compatibility
Oct
How global supply chains changed throughout the pandemic and what’s the new future?
Covid-19 hits the global supply chain: There have been significant challenges throughout global supply chains
Oct
Cloud Migration
In the past years, organisations have been migrating existing systems and services to the cloud.
Sep
Using Azure Data Studio SQL Notebooks
There are a number of database tools for managing and developing databases and it’s interesting
Sep
How has the travel and transport sector reacted to the Covid-19 crisis?
The Covid-19 pandemic shocked the world. It sent unprecedented ripples of change within numerous sectors
Sep
Databricks for Dummies: An Introduction to Databricks
Databricks is an organisation and industry-leading commercial cloud-based data engineering platform for processing and transforming
Sep
Prepare and pass DP-300 (Administrating relational databases on Microsoft Azure)
Azure Database Administration? An Azure Database Administrator is responsible for implementing, managing, troubleshooting and operating the data
Sep
Resolving merge conflicts in Azure DevOps via extension
Part of the role of source control is to ensure that any simultaneous updates to
Aug