Separating the roles of Power BI/Data Gateway administrator from the custodian of data connection
Currently, the person who can setup a data connection – entering “hard-coded” credentials – on a Data Gateway has to be also an administrator on the Gateway.
It means that either a Power BI admin has to have access to Data Connections (including sensitive data), or a Data Custodian has to become an admin on the Gateway (and be able to affect other “tenants”/data connections deployed on the same Gateway). Running a separate Gateway per each data connection is not economically feasible.
POSSIBLE SOLUTION: Change the Data Connection object so that connection credentials can be stored outside of the Data Connection object – in a “password vault”, or a database record, or a configuration file. In this case, Power BI admin should be able to setup the Data Connection object on a Gateway without touching the data access credentials.