Hi all,
we're trying to conclude if we can avoid building up Row Level Security when using IMPORT or DIRECTQUERY connection type to SAP BW. So our current scenario is testing the SSO capabilities when connecting Power BI (online) to SAP BW. The reason is hat we put so much effort and have a team working just for roles in SAP BW and we don't want to have to do it in paralel in power bi.
So, we've been exhaustively testing the SSO (using the windows/kerberos) authentication to Business Warehouse Server (BW), using the 64 bit version, with different users having different roles and we seem not to be able to get the data the user is allowed to see, and as such, not following BW authorizations. (please take into consideration I am only referring to the online platform scenario, right after the dataset is published from the desktop tool).
Specifically, if using the DirectQuery connection type, it seems to be using the BW authorization of the user we've set in the gateway datasource connection (we're using Windows authentication so we supposed the SSO would work here). Unfortunately it is not following the BW authorization of the user refreshing the data. This is quite important as it is a possible no-go for the SAP BW connector adoption.
For the IMPORT connection type, I suppose this would need to be handled via Row Level Security. or maybe not? Nonetheless, we want to avoid double maintenance on roles .
The most used situation in our environment is PRO users sharing with a group of other users (FREE and PRO). If we allow this connector at this stage then it would result in users seeing data they're not supposed to see.
Does anyone have a solution on how to overcome this partly or fully?
many thanks
Rúben