Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now

Reply
dbexpress108
Regular Visitor

Can clients see each others details on shared report?

I'm really just looking for a specific clarification on one thing, let me outline a hypothetical scenario below:

 

  • I have a Power BI workspace (Workspace A), in which I upload a PBIX report.
  • I have two clients, Client A and Client B, to whom I want to grant read-only access to the report.
  • Client A has 5 users and I have added these as Guest Users to Security Group A.
  • Client B has 3 users and I have added these as Guest Users to Security Group B.
  • Both Security Groups have type 'Security' and membership type 'Assigned'.
  • I use the 'Manage Permissions' setting on the PBIX report options, and grant Direct Access (read only) to Security Group A and Security Group B for this PBIX report.
  • In 'Guest User Access Restrictions' on Microsoft Entra, I have enabled 'Guest user access is restricted to properties and memberships of their own directory objects (most restrictive)'.

All I want to know, is if the users in Client A can see any information about users in Client B, or vice versa.

 

Currently, we have effectively duplicated the PBIX reports into separate workspaces (and therefore have a lot of duplication of PBIX files), and granted each client through their own security group direct access to their specific report. However, the PBIX file is the same for each client and we would like to consolidate these into a single Workspace if possible.

 

Appreciate any advice or help.

1 ACCEPTED SOLUTION

You should absolutely test this by logging in as an account that mimics one of your clients. With that many reports and users though, Embedded is really the recommended solution from MS, not granular editing of report permissions with secure embed links.



Did I answer your question? Mark my post as a solution!
Did my answers help arrive at a solution? Give it a kudos by clicking the Thumbs Up!

DAX is for Analysis. Power Query is for Data Modeling


Proud to be a Super User!

MCSA: BI Reporting

View solution in original post

7 REPLIES 7
edhans
Super User
Super User

The way you are doing it isn't correct. You must implement row level security when multiple users have access to the same report, no matter how they have access, to hide/show only the records you want them to see. Once you do that, you must demote all of them to "Viewer" only in the workspace. Anyone that is contributor or higher can see everything everywhere.

Row-level security (RLS) with Power BI - Power BI | Microsoft Learn
If you have multiple users in a single workspace you are trying to segregate, this is not a good practice. You can do some of this using Audiences in the Power BI app but that is not a full security feature. You either implement RLS on those reports too, and user A sees only blank data on User B reports and vice versa, or better yet, you set up separate workspaces for each group. Workspaces are not designed to be fully granular on segregating things within the workspace between different users. MS recommends separate workspaces for different user groups.



Did I answer your question? Mark my post as a solution!
Did my answers help arrive at a solution? Give it a kudos by clicking the Thumbs Up!

DAX is for Analysis. Power Query is for Data Modeling


Proud to be a Super User!

MCSA: BI Reporting

Thank you for your reply, although I think you may misunderstand what I am trying to do here. Please let me clarify.

 

The content of the reports are carbon copies for each user/client. There is no requirement for row level security because I am not sharing data for client A within the report which needs to be segregated from client B. Imagine a single PBIX report with one page and word "Microsoft" on it, there is absolutely no difference for each user.

 

What I am concerned about is the ability for Readers to see who else has access to the report, purely by virtue of being able to access the shared report. It is not data within the report itself.

 

I hope this helps clarify.

 

And what i am saying is those reports need to either be in separate workspaces for security, or you put them in one report and implement RLS. If they are viewers accessing the report via an App only (NO workspaces access) with RLS, they will have no clue what other users exist and will only see their data.

If you don't want RLS, then you need those carbon copy reports in separate workspaces.



Did I answer your question? Mark my post as a solution!
Did my answers help arrive at a solution? Give it a kudos by clicking the Thumbs Up!

DAX is for Analysis. Power Query is for Data Modeling


Proud to be a Super User!

MCSA: BI Reporting

I am so sorry, I am more confused than ever.

 

I cannot understand why I need RLS when the reports are the exact same. Perhaps I should provide some more detail.

 

The reports are provided via Secure Embed into our own website portal. The users are granted access to the reports via Workspace > PBIX Report > 'Manage Permissions' > Direct Access > unchecking all boxes > add user: Client A Security Group. 

 

Is there a way that the users can 'look up' other users who have access to the report, is what I mean.

 

I am thinking of just biting the bullet and paying for the Power BI Embedded option as I cannot work this out. Our clients would then not have to pay for individual Pro licences...

Yes, this is the first time you said you were providing the info via the Secure Embed link. I do not see how they can access the user list that have access to the reports. In this scenario they should not be users at all of the workspace. Without that, there is no way to see who has permissions.

For a very few reports, this could work, but if you are doing this for a lot of clients, then Power BI Embedded capacity is the better path, both from an administrative standpoint and a licensing standpoint. Just requires a little bit of setup.



Did I answer your question? Mark my post as a solution!
Did my answers help arrive at a solution? Give it a kudos by clicking the Thumbs Up!

DAX is for Analysis. Power Query is for Data Modeling


Proud to be a Super User!

MCSA: BI Reporting

Thank you, I very much appreciate your help.

 

Yes they have access to the shared reports via membership of an Entra Security Group which is given direct access (read only) to the PBIX report (and not the semantic model or the overall workspace). We then embed the PBIX report in our portal and they authenticate with their PBI login to access it. I understand they can also access the reports through app.powerbi.com via the 'shared with me' link.

 

Just wanted to double check before we consolidated our reports into a single workspace, as it would be a nightmare from client confidentiality / data privacy point of view if it turned out that one client could see the user list from another client!

 

We have over 200 individual users consuming our reports so consolidating this into a single workspace would be very positive from an administrative point of view. 

 

And yes, given the above we are highly considering Embedded capacity going forward. We just need to make sure that we won't hit capacity limits with our reports.

You should absolutely test this by logging in as an account that mimics one of your clients. With that many reports and users though, Embedded is really the recommended solution from MS, not granular editing of report permissions with secure embed links.



Did I answer your question? Mark my post as a solution!
Did my answers help arrive at a solution? Give it a kudos by clicking the Thumbs Up!

DAX is for Analysis. Power Query is for Data Modeling


Proud to be a Super User!

MCSA: BI Reporting

Helpful resources

Announcements
OCT PBI Update Carousel

Power BI Monthly Update - October 2024

Check out the October 2024 Power BI update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

October NL Carousel

Fabric Community Update - October 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors