Our Power BI Security web site has been updated to reflect the new Power BI v2 as well as the new Power BI Security whitepaper that we’ve created.
Data Storage Security
Power BI uses two primary repositories for storing and managing data: data that is uploaded from users is typically sent to Azure BLOB storage, and all metadata as well as artifacts for the system itself are stored in Azure SQL Database.
The dotted line in the Back End cluster image, above, clarifies the boundary between the only two components that are accessible by users (left of the dotted line), and roles that are only accessible by the system. When an authenticated user connects to the Power BI Service, the connection and any request by the client is accepted and managed by the Gateway Role (eventually to be handled by Azure API Management), which then interacts on the user’s behalf with the rest of the Power BI Service. For example, when a client attempts to view a dashboard, the Gateway Role accepts that request then separately sends a request to the Presentation Role to retrieve the data needed by the browser to render the dashboard.
If you haven’t seen it, you may want to check out our whitepaper on the topic: