Solved: Deployment via Client BI Team: Security Concerns

manoj_0911 · ‎03-20-2024

Hello Power BI Community,

I'm seeking advice on deploying Power BI reports for a client. We propose building reports and connecting to their SQL Server on AWS via VPN. Our initial approach was to share the .pbix file for their BI team to manage publishing, scheduling, and RLS.

However, I have security concerns, particularly regarding control over Row-Level Security (RLS). Without managing publishing, ensuring proper RLS implementation becomes a challenge.

Question:

* What are the security risks associated with deploying reports through a client's BI team?
* How can we achieve a collaborative approach that balances client involvement with robust security controls?

We're open to exploring a hybrid model where we provide initial setup and train their team on basic management tasks.

Thank you for your insights!

Best regards,
Manoj Prabhakar

Anonymous · ‎03-22-2024

Hi @manoj_0911 ,

Data protection capabilities in Power BI build on Microsoft's strengths in security and enable customers to empower every user with Power BI and better protect their data no matter how or where it is accessed.

Power BI was built to provide industry-leading complete and hermetic protection for data. The product has earned the highest security classifications available in the industry, and today many national security agencies, financial institutions, and health care providers entrust it with their most sensitive information.

Power BI security white paper - Power BI | Microsoft Learn

Data protection in Power BI - Power BI | Microsoft Learn

Power BI Security - Power BI | Microsoft Learn

Question1:

When sharing reports externally, if permission settings are improperly configured, it can lead to unauthorized access, posing a risk of unintentional leakage of sensitive data. Ensure that access controls are clearly defined.

Integrating with third-party tools may introduce vulnerabilities.

Question2:

Use the correct sharing method, define the permissions required for each role, and restrict data access based on user roles.

Roles in workspaces in Power BI - Power BI | Microsoft Learn

Semantic models in the Power BI service - Power BI | Microsoft Learn

Implement Single Sign-On (SSO) for seamless authentication.

Overview of single sign-on for on-premises data gateways - Power BI | Microsoft Learn

Test single sign-on (SSO) configuration - Power BI | Microsoft Learn

Encrypt both static and transmitted data.

When integrating with third-party tools, strengthen management, conduct regular security assessments, track audits and logs, and retain detailed logs of report access, modifications, and user activities. Address any issues promptly.

Troubleshoot the on-premises data gateway | Microsoft Learn

Monitor report performance in Power BI - Power BI | Microsoft Learn

Best Regards,

Liu Yang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Anonymous · ‎03-22-2024