The ultimate Fabric, Power BI, SQL, and AI community-led learning event. Save €200 with code FABCOMM.
Get registeredEnhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends September 15. Request your voucher.
Hi,
I have built a PBI report that a third-party has taken and embedded into a Portal (embedded into an iframe inside a webpage they've built). I've had no involvement in this Portal design/build and therefore am not aware of how secure our data is there.
How this Portal will work is, a user will be granted access to this Portal and they will be provided a username and password to enter the Portal. Once inside the Portal, the embedded PBI report will show. Depending on the user logged in, the data shown may or may not be restricted. This is determined by the user's ID being passed to the PBI report and the logic in the report determining what is shown. I built the report and am happy the report itself works as expected, it's just the Portal security that I'm not sure about.
My question is, is there any way the Portal user would be able to gain access to the full set of data that will be cached (as we're using Import Mode) in the report? Could the user somehow manipulate the webpage's URL to see the report and its full data set? Could the user somehow download the report from the Portal and see the cached data?
Thanks.
Hi. This is something that you should ask the developer. All security concerns you might have you should discuss with the provider. The worst case scenario they would have access to the PowerBi Rest API. It's not about cache, my concern would be security of tokens about operations with API.
We have a Solution for Embedded in our company, and that would be the major concern, keeping the tokens and secrets hidden to avoid an API access.
I hope that make sense
Happy to help!