Separating the roles of Power BI/Data Gateway administrator from the custodian of data connection
Currently, the person who can setup a data connection – entering “hard-coded” credentials – on a Data Gateway has to be also an administrator on the Gateway.
It means that either a Power BI admin has to have access to Data Connections (including sensitive data), or a Data Custodian has to become an admin on the Gateway (and be able to affect other “tenants”/data connections deployed on the same Gateway). Running a separate Gateway per each data connection is not economically feasible.
POSSIBLE SOLUTION: Change the Data Connection object so that connection credentials can be stored outside of the Data Connection object – in a “password vault”, or a database record, or a configuration file. In this case, Power BI admin should be able to setup the Data Connection object on a Gateway without touching the data access credentials.
Having different roles for the Gateway would be useful.
Check the existing data sources on the Gateway.
This will eliminate the duplicates, as the data source on the PBIX file should match exactly to the Gateway.
When we do not have visibility, we do not know the available data sources.
If we have the viewer role, this will help us.
Jack Wells commented
I think having just two levels of user for the gateway is a bit limiting to the idea of citizen developers.
Currently my company, and I imagine most companies, IT is in charge of administering the gateway as it sits on one of their servers.
This means only IT has the ability to add connections and add people onto them. It would be great if they could assign users as a "contributor" type role where they can setup connections and add users to their connections, but they can't access any of the gateway configuration.