Hi,
We are implementing Power BI in our company and we have an important question about how to manage reports for external clients securely. We want to give each client access to only their report, without being able to see reports from other clients. We would like to publish multiple reports in a single workspace (one per client), and then share only the relevant report through a Power BI App to each client.
Is it secure to keep multiple client reports in a single workspace and use Apps to restrict access?
If a client only has access to the App (not to the workspace), can they somehow see or know there are other reports?
What if a client is accidentally given Viewer access to the workspace — will they see all the reports in it?
Is it best practice to create a separate workspace per client to ensure full isolation?
Is there any way to restrict access more granularly without splitting into multiple workspaces?
Thank you in advance.
Hi @Martapv,
Thanks for reaching out to the Microsoft Fabric Forum Community.
1. Using a Single Workspace with Apps. Secure if configured correctly. Apps only show selected content to users. Regular permission testing is essential.
2. Client Access to App Only. Clients cannot see other reports in the workspace if they only have access to the App. App visibility is limited to shared content only.
3. If Client Gets Viewer Access to Workspace. Yes, they will see all content in that workspace. Avoid giving clients workspace access unless necessary.
4. Separate Workspace per Client (Best Practice). Ensures complete isolation of data and reports. Simplifies permission management and minimizes risk.
5. More Granular Control Without Separate Workspaces. Row-Level Security (RLS) limits data visibility within shared reports. Apps can restrict report access, but need careful setup.
6. Azure AD Security Groups. Use groups for scalable access management. Assign roles and permissions based on group membership. Enhances control and reduces admin overhead.
If this helped, please mark the response as the accepted solution and give it a thumbs-up so others can benefit too.
Best regards,
Prasanna Kumar
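An added example, not part of the replies in this thread: one way to run the permission testing mentioned in points 1 and 3 is to audit who holds a role on the shared workspace and flag every principal that is not internal. The JSON is a constructed sample in the shape returned by the Power BI REST API call `GET /v1.0/myorg/groups/{workspaceId}/users`; the allowlist, display names and identifiers are assumptions.

```python
import json

# Constructed sample in the shape of the Power BI REST API response for
# GET /v1.0/myorg/groups/{workspaceId}/users. Names and IDs are made up.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"displayName": "BI Team", "identifier": "11111111-0000-0000-0000-000000000001",
   "principalType": "Group", "groupUserAccessRight": "Admin"},
  {"displayName": "Report Authors", "identifier": "11111111-0000-0000-0000-000000000002",
   "principalType": "Group", "groupUserAccessRight": "Contributor"},
  {"displayName": "Client A Users", "identifier": "22222222-0000-0000-0000-00000000000A",
   "principalType": "Group", "groupUserAccessRight": "Viewer"},
  {"displayName": "Jane (Client B)", "identifier": "jane@clientb.example",
   "principalType": "User", "groupUserAccessRight": "Viewer"}
]}
""")

# Assumption: identifiers of the internal principals allowed to hold workspace roles.
INTERNAL_PRINCIPALS = {
    "11111111-0000-0000-0000-000000000001",
    "11111111-0000-0000-0000-000000000002",
}

def audit_workspace_roles(response, internal_principals):
    """List principals holding any workspace role that are not on the internal allowlist."""
    allowed = {p.lower() for p in internal_principals}
    findings = []
    for entry in response.get("value", []):
        role = entry.get("groupUserAccessRight", "None")
        ident = entry.get("identifier", "")
        if role == "None" or ident.lower() in allowed:
            continue
        findings.append({
            "principal": entry.get("displayName", ident),
            "type": entry.get("principalType", "None"),
            "role": role,
            # Any workspace role, Viewer included, exposes every report in the workspace.
            "action": "remove workspace role; grant access through the App only",
        })
    return findings

if __name__ == "__main__":
    for f in audit_workspace_roles(SAMPLE_RESPONSE, INTERNAL_PRINCIPALS):
        print(f"{f['type']:5} {f['principal']:20} {f['role']:10} -> {f['action']}")
```

Run against the real endpoint's output on a schedule, an empty result means no client group or user can browse the workspace directly.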
Hi @Martapv,
We wanted to kindly check in to see if everything is working as expected after trying the suggested solution. If there’s anything else we can assist with, please don’t hesitate to ask.
If the issue is resolved, we’d appreciate it if you could mark the helpful reply as Accepted Solution; it helps others who might face a similar issue.
Warm regards,
Prasanna Kumar
Hi @Martapv,
Just following up to see if the solution provided was helpful in resolving your issue. Please feel free to let us know if you need any further assistance.
If the response addressed your query, kindly mark it as Accepted Solution and click Yes if you found it helpful; this will benefit others in the community as well.
Best regards,
Prasanna Kumar
Additional note:
It is important to mention that each report will be accessed by a large volume of users, so our intention is to manage access using Azure AD security groups (not individual users). These groups are already defined by client or role.
We are looking for the most scalable and secure way to manage access without duplicating workspaces unnecessarily.