Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
bevizzled
Regular Visitor

Preventing sharing via browser URL

‎11-02-2023 05:14 AM

We've been trying to understand why our usage stats include people who should not have access to some of our reports.

 

On investigation, it looks like some users who did have viewing rights for a report copied the browser URL, and then shared that with colleagues (i.e. bypassed the fact that they did not have the sharing option in the report itself). Recipients then seems to be able to open the reports as usual.

 

This seems like a huge security risk; is there a setting in the Admin portal that could prevent this, for example creating a more secure URL in the browser? There is no way I can prevent people from copying a browser URL in the first place.

Labels:
Message 1 of 6
316 Views
0
5 REPLIES 5
djurecicK2
Super User
Super User

‎11-02-2023 07:59 AM

Ok- not sure why that is happening.

 

For read only distribution, you might want to create an app and share that app with the read only users.

 

Here is some additional information:

https://radacad.com/ultimate-sharing-strategy-power-bi-apps

 

Message 6 of 6
270 Views
0
djurecicK2
Super User
Super User

‎11-02-2023 07:32 AM

Ok. What about "Manage Access" in the workspace?

Message 4 of 6
288 Views
0
bevizzled
Regular Visitor
In response to djurecicK2

‎11-02-2023 07:33 AM

No, we also checked workspace permissions, including sharing permission. That is not it.

Message 5 of 6
285 Views
0
djurecicK2
Super User
Super User

‎11-02-2023 07:27 AM

Hi @bevizzled ,

 The report URL only works if the user has access to the report. I would look at the workspace and report permissions. 

 

To check the report permissions, you can go to ... to the right of the report and select "Manage Permissions"

djurecicK2_0-1698935114912.png

 

To check the workspace permissons, you can go to "Manage Access" from the workspace.

djurecicK2_1-1698935189504.png

 

Message 2 of 6
296 Views
0
bevizzled
Regular Visitor
In response to djurecicK2

‎11-02-2023 07:30 AM

That is what we thought, but these people are definitely not in the list of people who have permission in 'Manage permissions' (and there are no groups, only individuals, so that is not the issue), but still, they can open the report from the shared broswer URL. In some cases, the can open the report and not see the visuals (error messages where the visuals should be); in other casesit seems like they have full interaction. We are still trying to determine why this difference might exist.

PS: Also, none of the users in the permissions list have sharing rights.

Message 3 of 6
289 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All