Gateway security
Administrators of the On-premises data gateway
, such as the security group mentioned in the On-premises data gateway planning section, are responsible for configuring the data sources that can be used with each gateway cluster. Additionally, gateway administrators have control over the users or security group(s) of users that can utilize a gateway data source.
As shown in the following image from the Manage gateways
portal in the Power BI service, credentials entered for data sources are encrypted:
Encrypted data source credentials
The data source credentials are only decrypted once the query request reaches the on-premises gateway cluster within the corporate network. The gateway decrypts the credentials needed for query requests and, once the query has executed, it encrypts the results of these query requests prior to pushing this data to the Power BI service. The Power BI service never knows the on-premises credential values.
Technically, the following five-step process...