Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
D_PBI
Post Partisan
Post Partisan

Is there a way for a user to access the cached (Import Mode) data from an embedded PBI report?

‎06-12-2023 12:46 AM

Hi,
I have built a PBI report that a third-party has taken and embedded into a Portal (embedded into an iframe inside a webpage they've built). I've had no involvement in this Portal design/build and therefore am not aware of how secure our data is there.

How this Portal will work is, a user will be granted access to this Portal and they will be provided a username and password to enter the Portal. Once inside the Portal, the embedded PBI report will show. Depending on the user logged in, the data shown may or may not be restricted. This is determined by the user's ID being passed to the PBI report and the logic in the report determining what is shown. I built the report and am happy the report itself works as expected, it's just the Portal security that I'm not sure about.

My question is, is there any way the Portal user would be able to gain access to the full set of data that will be cached (as we're using Import Mode) in the report?  Could the user somehow manipulate the webpage's URL to see the report and its full data set?  Could the user somehow download the report from the Portal and see the cached data?

 

Thanks.

Labels:
Message 1 of 2
234 Views
0
1 REPLY 1
ibarrau
Super User
Super User

‎06-12-2023 06:01 AM

Hi. This is something that you should ask the developer. All security concerns you might have you should discuss with the provider. The worst case scenario they would have access to the PowerBi Rest API. It's not about cache, my concern would be security of tokens about operations with API.

We have a Solution for Embedded in our company, and that would be the major concern, keeping the tokens and secrets hidden to avoid an API access. 

I hope that make sense


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Happy to help!

LaDataWeb Blog

Message 2 of 2
197 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Kudoed Authors
View All