We’re making our first steps in creating reports with Power BI. I’ve gone through the documentation, for example:
I’m aware that permissions are provided at the database level, not within BigFix (see link to a post below)
Our plan is to create reports in Power BI and publish them to Power BI Online, we already have a gateway and are using this setup with other systems.
Please correct us if we’re understanding these things wrong.
My question is, what kind of permissions are we expected to provide in order to provide read access to the relevant tables?
We already have a service account in Active Directory created and have provided that user “Read” permissions to the database, a fairly standard thing to do. We expected that to be enough but it only provides access to some of the tables due to security policies that BigFix applies to them, according to one of our DB admins. Tables like “datasource_fixlets”, datasource_groups" or “datasource_devices” which are crucial are not readable.
Now we shouldn’t have to talk about providing every user SA access to the DB that needs to work on Power BI reports, including every service account that will refresh reports automatically. That seems like dropping a live grenade onto the “Least required” rule when it comes to granting permissions and is absolutely not how we work.
Do we remove those security policies that BigFix applies? Will that break some other functionality? Or are we expected to provide more access than is generally sensible to?
An example image that a DB admin sent me:
He adviced me to look into the system itself for a way to grant permissions since these policies are applied but the following post mentions that it’s done directly at the DB level:
Thank you for any information or advice you can provide.