Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now
I'm really just looking for a specific clarification on one thing, let me outline a hypothetical scenario below:
All I want to know, is if the users in Client A can see any information about users in Client B, or vice versa.
Currently, we have effectively duplicated the PBIX reports into separate workspaces (and therefore have a lot of duplication of PBIX files), and granted each client through their own security group direct access to their specific report. However, the PBIX file is the same for each client and we would like to consolidate these into a single Workspace if possible.
Appreciate any advice or help.
Solved! Go to Solution.
You should absolutely test this by logging in as an account that mimics one of your clients. With that many reports and users though, Embedded is really the recommended solution from MS, not granular editing of report permissions with secure embed links.
DAX is for Analysis. Power Query is for Data Modeling
Proud to be a Super User!
MCSA: BI ReportingThe way you are doing it isn't correct. You must implement row level security when multiple users have access to the same report, no matter how they have access, to hide/show only the records you want them to see. Once you do that, you must demote all of them to "Viewer" only in the workspace. Anyone that is contributor or higher can see everything everywhere.
Row-level security (RLS) with Power BI - Power BI | Microsoft Learn
If you have multiple users in a single workspace you are trying to segregate, this is not a good practice. You can do some of this using Audiences in the Power BI app but that is not a full security feature. You either implement RLS on those reports too, and user A sees only blank data on User B reports and vice versa, or better yet, you set up separate workspaces for each group. Workspaces are not designed to be fully granular on segregating things within the workspace between different users. MS recommends separate workspaces for different user groups.
DAX is for Analysis. Power Query is for Data Modeling
Proud to be a Super User!
MCSA: BI ReportingThank you for your reply, although I think you may misunderstand what I am trying to do here. Please let me clarify.
The content of the reports are carbon copies for each user/client. There is no requirement for row level security because I am not sharing data for client A within the report which needs to be segregated from client B. Imagine a single PBIX report with one page and word "Microsoft" on it, there is absolutely no difference for each user.
What I am concerned about is the ability for Readers to see who else has access to the report, purely by virtue of being able to access the shared report. It is not data within the report itself.
I hope this helps clarify.
And what i am saying is those reports need to either be in separate workspaces for security, or you put them in one report and implement RLS. If they are viewers accessing the report via an App only (NO workspaces access) with RLS, they will have no clue what other users exist and will only see their data.
If you don't want RLS, then you need those carbon copy reports in separate workspaces.
DAX is for Analysis. Power Query is for Data Modeling
Proud to be a Super User!
MCSA: BI ReportingI am so sorry, I am more confused than ever.
I cannot understand why I need RLS when the reports are the exact same. Perhaps I should provide some more detail.
The reports are provided via Secure Embed into our own website portal. The users are granted access to the reports via Workspace > PBIX Report > 'Manage Permissions' > Direct Access > unchecking all boxes > add user: Client A Security Group.
Is there a way that the users can 'look up' other users who have access to the report, is what I mean.
I am thinking of just biting the bullet and paying for the Power BI Embedded option as I cannot work this out. Our clients would then not have to pay for individual Pro licences...
Yes, this is the first time you said you were providing the info via the Secure Embed link. I do not see how they can access the user list that have access to the reports. In this scenario they should not be users at all of the workspace. Without that, there is no way to see who has permissions.
For a very few reports, this could work, but if you are doing this for a lot of clients, then Power BI Embedded capacity is the better path, both from an administrative standpoint and a licensing standpoint. Just requires a little bit of setup.
DAX is for Analysis. Power Query is for Data Modeling
Proud to be a Super User!
MCSA: BI ReportingThank you, I very much appreciate your help.
Yes they have access to the shared reports via membership of an Entra Security Group which is given direct access (read only) to the PBIX report (and not the semantic model or the overall workspace). We then embed the PBIX report in our portal and they authenticate with their PBI login to access it. I understand they can also access the reports through app.powerbi.com via the 'shared with me' link.
Just wanted to double check before we consolidated our reports into a single workspace, as it would be a nightmare from client confidentiality / data privacy point of view if it turned out that one client could see the user list from another client!
We have over 200 individual users consuming our reports so consolidating this into a single workspace would be very positive from an administrative point of view.
And yes, given the above we are highly considering Embedded capacity going forward. We just need to make sure that we won't hit capacity limits with our reports.
You should absolutely test this by logging in as an account that mimics one of your clients. With that many reports and users though, Embedded is really the recommended solution from MS, not granular editing of report permissions with secure embed links.
DAX is for Analysis. Power Query is for Data Modeling
Proud to be a Super User!
MCSA: BI ReportingCheck out the October 2024 Power BI update to learn about new features.
Learn from experts, get hands-on experience, and win awesome prizes.