Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.
If you've used the (preview at this writing) PowerBI Audit Log in the Security and Compliance Audit Log Office 365 Admin query tool; you'll notice that it does not have a column for: "result" or "exit code" or "success/fail/permission-denied".
A very problematic issue has resulted for me.
Example:
Let's say you build a report/dashboard off a SQL Tabular source (connected via gateway of course). And you apply security using SQL Tabular Roles (at the Tabular level, not the PowerBI level). Then, you share the report/dashboard to a PowerBI Workspace with several users. Fine so far...
Now, let's say Suzy Smith does NOT have Tabular read-rights. She can't use the cube from Excel AND she can't view content shared w/ her from PowerBI. Great. That's how it should work. The dashboard would render the (X) "ERROR" message for her on each object - as appropriate.
BUT - and here's the caution for enterprises - If someone shares a dashboard/report w/ Suzy Smith and she's clicks it (she'll get the appropriate error on the report) but the audit log will create an entry that reads: "Suzy Smith - ViewDashboard - datetime".
Thus, the audit log notes that Suzy Smith did see the dashboard. In reality, she didn't. She got the (X) error on every object on the dashobard. Suzy Smith did NOT see the company's forecast for next quarter. But your audit log implies that she did.
Your company's auditor ~may~ not like this.
Technically speaking, the dashboard did load. In your example individual tiles will get the X because she wouldn't be able to talk to the tabular instance.
What if they had a mix of items on the dashboard. Maybe some items from an imported report/dataset mixed with some tiles from a live SSAS report. The items for the improted dataset would load properly, but the SSAS Live tiles would error. The dashboard was still viewed.
Thanks. And, I agree w/ your logic. The dashboard or report is an object unto itself - and technically, it was viewed by Suzy in this hypothetical situation. So, fair to have an audit entry for it.
But, you can see the challenge at an enterprise level.
I'll add some ideas to the idea link you provided:
* Perhaps the audit log should be at the object level, not the container level.
* If the log continues to audit at the dashboard/report level; then perhaps there should be a 'result' (exit) code: E.g:
- 1 = All objects rendered w/o Error
- 2 = Full/Partial Object-Render Errors on Report or Dashboard
-Eric.
I understand the confusion and realize that some may see a failure in a visual as a failure to load the dashboard. I don't know that not logging the view dashboard is the right approach though (mainly for my example of a mixed dashboard).
Check out the November 2023 Power BI update to learn about new features.
Read the latest Fabric Community announcements, including updates on Power BI, Synapse, Data Factory and Data Activator.