Jeffrey Yu on 20 Aug 2015 21:42:25
There should be an option to not cache credentials for data sources from connections with Power BI. This is a security issue and does not go well with customers.
- Comments (17)
RE: Don't Cache Credentials
Has there been any movement on this idea? I have multiple links to JDE (DB2) and there is a 3 attempt lockout. Every time I open a PBI file it locks me out of 5 servers and I have to go through my service desk to unlock and it's very annoying! To be honest I think the process of one failed attempt then prompt for credentials should be default anyway.
RE: Don't Cache Credentials
This is particularly important for the databases that don't use Windows Integrated Auth (everything except some SQL Server instances). The credentials should never be silently cached in the file. At best, caching them on the machine can be OK.
RE: Don't Cache Credentials
Hi caching the credentials has a nasty side effect you may not be aware of. If the site you are on has a change password policy every few months etc..and n lock attempts, once the user changes the password and they open the pbix file it can lock them out as tries to log in multiple times. So the admin guys unlock the file and again , and the user opens the file it lock them out again . So . The work around is for the user to know to clear credentials before they open the file (not obvious) . The power bi file should only attempt once to log on if it fails stop!? or have a setting to force the user to log in each time. ie an option do not store credentials - could be per table level or global. se this link http://community.powerbi.com/t5/Desktop/Power-bi-locks-user-out-of-database-if-password-has-changed/m-p/185765#M81648
RE: Don't Cache Credentials
If we revoke access to a specific table in database, we need to be sure that the user is unable to query those tables going forward. At this time, if User A shared pbix file with User B, the User B can continue refreshing data with User A's cached credentials which is a problem.
RE: Don't Cache Credentials
Hi
I'm having a similar issue in the Power BI Web interface. In the Power BI Desktop I've created an OData connection and created a report. The dataset uses a parameter for the OData service and that can be entered later when the Content Pack Template is used. I've saved the .PBIX file and then uploaded it to the PBI Web with the upload file to import the data. I've setup the dashboard with the report and from that created a Content Pack Template, making sure I tick the option at the bottom called 'Make this content pack a template'. When using the Content Pack Template on another Group I enter a different OData endpoint for a completely different domain. However it doesn't ask for credentials it automatically connects and loads in the data. That is wrong it should ask me for credentials to access the OData source not use cached ones.
RE: Don't Cache Credentials
Found a way to remove the cached credentials. In Power BI Desktop select File, Options and Settings and then Data Source Settings. Find the data source with the cached settings and use the "Clear Permissions" button to reset. Again, it should be obvious to the user when cached credentials are used and which cached credentials are used. Even in the Data Source Settings form we can't tell which credentials are used with each data source.
RE: Don't Cache Credentials
At least make it obvious when cached credentials are being used, whose credentials are being used and how to remove them from Power BI Desktop.