Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft is giving away 50,000 FREE Microsoft Certification exam vouchers. Get Fabric certified for FREE! Learn more

Reply
crodrigues
Regular Visitor

How can I ensure that tenants do not have access to my dataset?

‎04-16-2024 02:50 PM

I work with sensitive data and have admin roles for the dashboards I created. However, I do not have tenant rights in Power BI. How can I ensure that tenants do not have access to my dataset? In summary, what measures can I take to prevent tenants from accessing my data even if they have control over sharing permissions?

Labels:
Message 1 of 4
289 Views
0
1 ACCEPTED SOLUTION
v-nuoc-msft
Community Support
Community Support

‎04-16-2024 10:52 PM

Hi @crodrigues 

 

@skygold16 Thank you very much for sharing your thoughts.

 

You can enhance the security of your datasets by doing the following:

 

Implement row-level security on datasets.RLS allows you to control access to rows in database tables based on the roles assigned to users.

 

In this way, you can restrict data access to specific users, ensuring that they see only the data that is relevant to them.

 

Control access to datamarts (preview) - Power BI | Microsoft Learn

 

Manages access to the workspace where the dataset is published. Grant access only to those users who need it.

 

Remember that workspace members have access to all datasets in that workspace.

 

Workspaces in Power BI - Power BI | Microsoft Learn

 

Roles in workspaces in Power BI - Power BI | Microsoft Learn

 

Use sensitivity labels to classify and protect content based on its sensitivity. Sensitivity labels help enforce protection settings such as encryption and content tagging in Power BI and Office 365.

 

Data protection in Power BI - Power BI | Microsoft Learn

 

Sensitivity labels from Microsoft Purview Information Protection in Power BI - Power BI | Microsoft ...

 

Use the Direct Access tab on the Manage Permissions page of the semantic model to monitor and modify access rights for specific people or groups.

 

Manage semantic model access permissions - Power BI | Microsoft Learn

 

Regards,

Nono Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 3 of 4
227 Views
3 REPLIES 3
v-nuoc-msft
Community Support
Community Support

‎04-16-2024 10:52 PM

Hi @crodrigues 

 

@skygold16 Thank you very much for sharing your thoughts.

 

You can enhance the security of your datasets by doing the following:

 

Implement row-level security on datasets.RLS allows you to control access to rows in database tables based on the roles assigned to users.

 

In this way, you can restrict data access to specific users, ensuring that they see only the data that is relevant to them.

 

Control access to datamarts (preview) - Power BI | Microsoft Learn

 

Manages access to the workspace where the dataset is published. Grant access only to those users who need it.

 

Remember that workspace members have access to all datasets in that workspace.

 

Workspaces in Power BI - Power BI | Microsoft Learn

 

Roles in workspaces in Power BI - Power BI | Microsoft Learn

 

Use sensitivity labels to classify and protect content based on its sensitivity. Sensitivity labels help enforce protection settings such as encryption and content tagging in Power BI and Office 365.

 

Data protection in Power BI - Power BI | Microsoft Learn

 

Sensitivity labels from Microsoft Purview Information Protection in Power BI - Power BI | Microsoft ...

 

Use the Direct Access tab on the Manage Permissions page of the semantic model to monitor and modify access rights for specific people or groups.

 

Manage semantic model access permissions - Power BI | Microsoft Learn

 

Regards,

Nono Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 4
228 Views
skygold16
Helper II
Helper II
In response to v-nuoc-msft

‎04-16-2024 11:30 PM

Great suggestion here @v-nuoc-msft 

 

However, to answer OP's question, RLS will only work when the end users are viewer to the workspace. As an admin, I can add myself to any workspace as the workspace admin and simply read the data from any report, isn't it? 

Message 4 of 4
223 Views
skygold16
Helper II
Helper II

‎04-16-2024 04:20 PM

Generally, you can talk to your admin about data sensitivity and enable the log analytics for your specific workspace to understand who all accessing the dataset. There is not way that Power BI admin cannot access any workspaces in the tenant. Power BI admin can add themselves into the workspace and see the dataset. However you should be rest assure that all of these are logged and monitor. You can check log analytics data to understand the activities spefic to your workspace and ask questions if breach occures. 

Message 2 of 4
254 Views

Helpful resources

Announcements
Notebook Gallery Carousel1

NEW! Community Notebooks Gallery

Explore and share Fabric Notebooks to boost Power BI insights in the new community notebooks gallery.

April2025 Carousel

Fabric Community Update - April 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All