https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Custom-visuals-and-data-security/m-p/3287775#M7677 <P>Hello,</P><P>&nbsp;</P><P>I am working on a visual that allows the user to query some external data sources. This includes an API and a database.</P><P>&nbsp;</P><P>Part of doing this is allowing users to specify their own addresses for both. A concern we have, however, is that we are unsure to what degree certain data is accessible to the end-user via the browser console.</P><P>&nbsp;</P><P>Right now, we are planning to receive the sensitive data via the Visual settings panel. This settings panel, naturally, is only accessible to report developers. A concern we have, however, is to what extent this data is accessible to anyone with a browser console and enough tenacity.&nbsp;</P><P>&nbsp;</P><P>So, some questions:</P><P>&nbsp;</P><P>1. To what extent is it possible to access Custom Viz variables via the browser console? (even if unlikely)</P><P>2. Does the PBI API (or something else) offer a form of environment variables that can both give critical information to the app while not being exposed to any users?</P><P>3. Does the PBI API have any kind of handling for sensitive data such as logins? I know of a number of workarounds, but they are all workarounds and not super ideal. Is there any "native" handling? I can't find documentation on this.</P><P>4. Since PBI sandboxes the custom visuals, are there certain security measures directly implemented? (E.g. perhaps vars are already treated as being from .env?)</P><P>&nbsp;</P><P>I understand this may be a bit of a niche and annoying set of questions. But I've scoured through the documentation and forums, and I can't really find any concrete information on these. These features are unfortunately absolutely essential for the functionality of the app.</P><P>&nbsp;</P><P>Thank you all very much</P> Fri, 16 Jun 2023 11:16:54 GMT JSJB 2023-06-16T11:16:54Z https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Custom-visuals-and-data-security/m-p/3287775#M7677 <P>Hello,</P><P>&nbsp;</P><P>I am working on a visual that allows the user to query some external data sources. This includes an API and a database.</P><P>&nbsp;</P><P>Part of doing this is allowing users to specify their own addresses for both. A concern we have, however, is that we are unsure to what degree certain data is accessible to the end-user via the browser console.</P><P>&nbsp;</P><P>Right now, we are planning to receive the sensitive data via the Visual settings panel. This settings panel, naturally, is only accessible to report developers. A concern we have, however, is to what extent this data is accessible to anyone with a browser console and enough tenacity.&nbsp;</P><P>&nbsp;</P><P>So, some questions:</P><P>&nbsp;</P><P>1. To what extent is it possible to access Custom Viz variables via the browser console? (even if unlikely)</P><P>2. Does the PBI API (or something else) offer a form of environment variables that can both give critical information to the app while not being exposed to any users?</P><P>3. Does the PBI API have any kind of handling for sensitive data such as logins? I know of a number of workarounds, but they are all workarounds and not super ideal. Is there any "native" handling? I can't find documentation on this.</P><P>4. Since PBI sandboxes the custom visuals, are there certain security measures directly implemented? (E.g. perhaps vars are already treated as being from .env?)</P><P>&nbsp;</P><P>I understand this may be a bit of a niche and annoying set of questions. But I've scoured through the documentation and forums, and I can't really find any concrete information on these. These features are unfortunately absolutely essential for the functionality of the app.</P><P>&nbsp;</P><P>Thank you all very much</P> Fri, 16 Jun 2023 11:16:54 GMT https://community.fabric.microsoft.com/t5/Custom-Visuals-Development/Custom-visuals-and-data-security/m-p/3287775#M7677 JSJB 2023-06-16T11:16:54Z