Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
MichalAdam
Regular Visitor

PowerBI Embedded app owns data + filtering via URL filters = secure?

‎09-13-2022 06:19 AM

Hello!

 

I hope someone can help me 🙂 My organization is using microsoft dynamics and wants to embed a power bi report. The users that will view this report in MD365 won't have access to the PBI Service. So we want to set it up using the "app owns data" approach. The problem is that we need the users to only see specific rows. We can't use row level security with "app owns data" approach so my idea is that we will use the URL filters instead. So basically mapping of users and rows will happen on MS Dynamics side, a url will be generated that has the parameters that ensure the report is filtered in a way that everyone sees only the things they should see.

Is this secure? Is there any way a user could abuse this and somehow see the report without the URL filters?

 

Thanks!

Labels:
Message 1 of 3
779 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎09-14-2022 03:27 AM

 

Hi @MichalAdam, 

 

Please correct me if I misunderstood what you meant. 
1. Please check if the users accessing Power BI reports have proper license even Power BI Free license, if you don't register Power BI, you can't view the reports properly. 
2. Please check if the users are given proper access rights on both Power BI and Dynamics. 
3.URL filters are supported in Power BI Embedded. See Power BI Embedded advanced URL filtering capabilities for details. 

 

For more you may also check Power BI Embedded integration - Finance & Operations | Dynamics 365 | Microsoft Docs 

 

 

Best Regards, 

Neeko Tang 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

Message 2 of 3
731 Views
0
MichalAdam
Regular Visitor
In response to Anonymous

‎09-14-2022 04:28 AM

Hi,

 

According to this - if I embed for customers then the users don't need a PowerBI account:

  • Embed for your customers (also known as app owns data) The application presents the data, reports, dashboards, or tiles that you uploaded to your own Power BI account. In this type of application, you are using your own account, so your application owns the data for your customers. Your customers don't need their own Power BI account.

My idea is that I use embedding for customers and the embedded link will have some URL filtering that will work as security. The problem I have is I am not 100% sure if this will be secure (will the users be able to somehow see the embedded report without the url filters).

 

Best regards

Michał

 

Message 3 of 3
724 Views
0

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

View All