Reply
bevizzled
Regular Visitor

Preventing sharing via browser URL

‎11-02-2023 05:14 AM

We've been trying to understand why our usage stats include people who should not have access to some of our reports.

 

On investigation, it looks like some users who did have viewing rights for a report copied the browser URL, and then shared that with colleagues (i.e. bypassed the fact that they did not have the sharing option in the report itself). Recipients then seems to be able to open the reports as usual.

 

This seems like a huge security risk; is there a setting in the Admin portal that could prevent this, for example creating a more secure URL in the browser? There is no way I can prevent people from copying a browser URL in the first place.

Labels:
Message 1 of 6
348 Views
0
5 REPLIES 5
djurecicK2
Super User
Super User

‎11-02-2023 07:59 AM

Ok- not sure why that is happening.

 

For read only distribution, you might want to create an app and share that app with the read only users.

 

Here is some additional information:

https://radacad.com/ultimate-sharing-strategy-power-bi-apps

 

Message 6 of 6
302 Views
0
djurecicK2
Super User
Super User

‎11-02-2023 07:32 AM

Ok. What about "Manage Access" in the workspace?

Message 4 of 6
320 Views
0
bevizzled
Regular Visitor
In response to djurecicK2

‎11-02-2023 07:33 AM

No, we also checked workspace permissions, including sharing permission. That is not it.

Message 5 of 6
317 Views
0
djurecicK2
Super User
Super User

‎11-02-2023 07:27 AM

Hi @bevizzled ,

 The report URL only works if the user has access to the report. I would look at the workspace and report permissions. 

 

To check the report permissions, you can go to ... to the right of the report and select "Manage Permissions"

djurecicK2_0-1698935114912.png

 

To check the workspace permissons, you can go to "Manage Access" from the workspace.

djurecicK2_1-1698935189504.png

 

Message 2 of 6
328 Views
0
bevizzled
Regular Visitor
In response to djurecicK2

‎11-02-2023 07:30 AM

That is what we thought, but these people are definitely not in the list of people who have permission in 'Manage permissions' (and there are no groups, only individuals, so that is not the issue), but still, they can open the report from the shared broswer URL. In some cases, the can open the report and not see the visuals (error messages where the visuals should be); in other casesit seems like they have full interaction. We are still trying to determine why this difference might exist.

PS: Also, none of the users in the permissions list have sharing rights.

Message 3 of 6
321 Views
0
avatar user

Helpful resources

Announcements
March PBI video - carousel

Power BI Monthly Update - March 2025

Check out the March 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

Stop
View All
Top Solution Authors (Last Month)
View All
Top Kudoed Authors (Last Month)
View All