We have a serious security issue regarding Power BI Report Server.
We deployed a Power BI Report Server report URL on a web portal, but the URL is easy to catch after inspection on the portal and a user can have access to data of all other customers.
So we would like to avoid direct access to the URL through the web browser and prevent random people over the internet from accessing the ReportServer.
Any thoughts or suggested solutions would be greatly appreciated.
Hi @Takasatsu ,
Not everyone can access it; you have to give permission to do so. Because you don't give permission to other users, of course they can't see it. You can set permissions on the report as well, so that only those who can see it can access it, and others can't see it, or set permissions on the web side.
You could refer to:
Best Regards,
Community Support Team _ Caitlyn
Hi @v-xiaoyan-msft ,
I would like to specify that we are using SSO (SAML) authentication mode on Power BI Report Server (to avoid double authentication in the web portal), and with this mode we cannot use RLS. What we are doing to manage users' access to filtered data is adding filters in the Report Server URL. The problem is that those filters are not hidden and could be modified or deleted by users after catching the Report Server URL.
With this mode, the username of all users who will access the web portal is displayed as "API"; also, the domains of the report server and the web portal are different.
Could you help please with more specifications on how to set permissions in this case?
(Data loading mode: Import).
With best regards.
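
Added example, not part of the thread and not a built-in Power BI Report Server feature: one way to make the URL filter described above tamper-evident is for the portal backend to sign it with an HMAC, and for a reverse proxy in front of the report server to reject any request whose signature does not verify. The function names, the key and the sample URL are assumptions, and it presumes the report server is reachable only through that proxy.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed demo key; in practice a secret held only by the portal backend and the proxy.
SECRET = b"constructed-demo-key-not-for-production"
# Constructed sample URL, not taken from the thread.
BASE = "https://reports.example.com/reports/powerbi/Sales"


def _mac(filter_expr: str, expires: int) -> str:
    # Bind the filter to its expiry so neither can be changed independently.
    msg = f"{expires}\n{filter_expr}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_report_url(base_url: str, filter_expr: str, ttl: int = 300, now=None) -> str:
    """Portal backend (hypothetical): build the report URL for the logged-in customer."""
    expires = int(now if now is not None else time.time()) + ttl
    query = {"filter": filter_expr, "exp": expires, "sig": _mac(filter_expr, expires)}
    return f"{base_url}?{urlencode(query)}"


def verify_report_url(url: str, now=None) -> bool:
    """Proxy (hypothetical): forward only if the filter is present, unmodified and unexpired."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # Reject missing or duplicated parameters: a second filter= could shadow the signed one.
    if any(len(params.get(k, [])) != 1 for k in ("filter", "exp", "sig")):
        return False
    filter_expr, exp, sig = params["filter"][0], params["exp"][0], params["sig"][0]
    if not (exp.isascii() and exp.isdigit()):
        return False
    if int(exp) < int(now if now is not None else time.time()):
        return False
    # Constant-time comparison on bytes avoids timing leaks and non-ASCII errors.
    return hmac.compare_digest(sig.encode(), _mac(filter_expr, int(exp)).encode())
```

The signature gives integrity, not secrecy: the user can still read the filter value, but changing or deleting it makes the proxy refuse the request.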