Managed Service Account Security in Excel Services, PowerPivot, PowerView, Etc... RRS feed

  • Question

  • We are migrating from SharePoint 2010 to SharePoint 2013. I am responsible for the business intelligence side which includes integrated SSRS, and the various Excel tools like Excel services, PowerView, Powerpivot, etc... All available BI SharePoint services/applications are enabled. In the 2010 solution, we used Kerberos for authentication.  In 2013, we will be using managed service accounts with shared data sources for the integrated SSRS, leveraging SharePoint permission groups for access and permission levels. That all is easy and being implemented. I can't seem to find a solution using manged service accounts with the Excel services, powerpivot, etc... solutions though.  Credentials embedded in shared data sources for SSRS do not persist to take advantage of. A user can not open a rdl file in Visual Studio or Report Builder and hijack the managed service account credentials by modifying the dataset definition.  However, this is not true in the various excel based solutions. Credentials stored in Excel, or even the data model if used, persists. A user can download an excel services excel file and then modify the SQL statement as they wish.

    Are there any best practices or solutions to this problem?  I continue to research and will update this question if I come up with the answer on my own.

    Wednesday, March 8, 2017 10:03 PM


All replies