cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Lock

02-04-2018 02:35 AM - last edited 02-05-2018 03:19 AM

PowerAnalytics
Advocate II
10409 Views
PowerAnalytics
Advocate II
Advocate II

The Power BI Lock

‎02-04-2018 02:35 AM

I've been thinking for some time about the Power BI Publish to Web feature, but not being safe to keep your data there as the content will be public for someone who accidentally finds out the link. I have built a new feature called the Power BI Lock to allow safer publishing to the web (only being able to view the actual report if holding a specific code). Try out the live demo.

 

What is needed to build the Power BI Lock?

 

One Access check frontpage with any number of slicers, having as many possible selections as you want (the more, the less likely someone accidentally finds out the correct key), from which the final Key value will be combined with:

SELECTEDVALUE(Code1[Code1]) & SELECTEDVALUE(Code2[Code2])

One table called Key_Control with a row having the correct Code (Access_Key_Valid). In this case, to make the link even lighter, we have a 2nd column called Access with just a 1. This Access will be linked to the remaining of the data model. I have also added here the image of the unlocked lock.

 

 

Two measures in the same Key_Control table: One Access_Key_Selection measure, which will validate if the combination from the N slicers matches your Access_Key_Valid

Access_Key_Selection = IF(    FIRSTNONBLANK(Key_Control[Access_Key_Valid];Key_Control[Access_Key_Valid]) =    SELECTEDVALUE(Code1[Code1]) & SELECTEDVALUE(Code2[Code2]);    FIRSTNONBLANK(Key_Control[Access_Key_Valid];Key_Control[Access_Key_Valid]);    BLANK() )

 

One info measure, which will show a message according to the code combination:

Info =    if( SELECTEDVALUE(Code1[Code1]) = blank(); "Select the correct combination to have access to the Report";    if( SELECTEDVALUE(Code2[Code2]) = blank(); "Select the correct combination to have access to the Report";    if( CONCATENATE(SELECTEDVALUE(Code1[Code1]);SELECTEDVALUE(Code2[Code2]))="B202"; "Unlocked! Right click the code and drill through Report to proceed!";    "Wrong Code! Try again!" )))

Adding the Access_Key_Valid as a Drillthrough filter on the hidden report page

 

 

The Lock / Unlocked effect is done by placing the locked image underneath the unlocked image and access code in the shape of a matrix visual (to allow the drill through ability)

 

 

Wrapping all up on a quick animated overview

 

Future work: I am thinking about building a version with only one keypad for typing the complete code, and also using other options for the link between the pages like bookmarks, not sure if possible though. Do you have specific cases or applications where this can be useful? Do you have other ideas to reach the same result?

 

@ 2018 by Pedro Reis

 

 

Preview file
85 KB
Labels:
Message 1 of 5
10,409 Views
FrankT
Advocate I
Advocate I

‎03-03-2018 05:58 AM

Interesting approach!

IMO the access link is not necessary. Am I missing something?

Message 4 of 5
9,703 Views
0
PowerAnalytics
Advocate II
Advocate II
In response to FrankT

‎03-04-2018 03:18 AM

Hi Frank!

 

What do you mean by the access link? B202?

Message 5 of 5
9,691 Views
0
deldersveld
MVP

‎02-16-2018 03:31 AM

This is a creative idea and could be a fun way to "lock down" a report with public data. While it might stop the majority of people from accessing the publish to web content, readers should be aware that it's not truly secure. The access key appears in a few places behind the scenes if you know where to look (and not simply because it's in the visual textbox). Only use Publish to Web with PUBLIC data.

Preview file
17 KB
Message 2 of 5
10,144 Views
PowerAnalytics
Advocate II
Advocate II
In response to deldersveld

‎02-18-2018 12:20 PM

Hi deldersveld!

 

Indeed, I had already tested with some of my security colleagues, and the Key appears in the HMTL properties if it is selected.

In this POC example you actually know the key and hence when selected you can identify the property that contains it, but otherwise, I have tested it and it will not show up because it depends on the underlying context of a measure.

 

Not knowing the key you can test all the keys via brute force and it will show a different property once the correct combination is selected. But is it manageable to brute force attack if I setup 3 slicers with 1 million combinations of 3 slicers each?

 

What I am curious to know is if the Power BI server allow such brute force attacks or are they cut out after a few attempts?

Message 3 of 5
9,943 Views
0