Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
Norm
Advocate I
Advocate I

Javascript embedding - Securing data

‎11-10-2020 06:36 AM

Hi,

We embed reports in our web application for our clients using the Javascript API (App Owns Data). I have a question about the best way of securing the data of a PowerBI report/model.

My simple scenario:

  • in my model I have a Sales table (each record is a sale) and a measure "Number of sales"
  • the report only have a card that display that measure.
  • I don't want the end users to be able to see the content of the sales table (I only want them to see the aggregation value provided by my measure).

I could assume that because in my report I don't display the sales data in a table (I only have a card with my measure) that the user can't see the underlying data of the sales table. But someone with knowledge of the Javascript API could modify the code in the browser and could see that data (for example by activating edit mode, by using it in a custom app with the PowerBI Report Authoring library, etc...).

Am I right in assuming that the only way to prevent this is to aggregate the table in the model and using RLS on the sales tables?

I don't want to scare our clients, but should we say "the model should only have the tables that you want your end users to see. If you don't want users to see some data, don't put it in the model without RLS"?

Thanks!

Labels:
Message 1 of 1
222 Views
0
0 REPLIES 0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All