neverpingbr88
New Member

Publish a Super Restricted Report

Hi all,

I work at a company where all administrative services are operated by a third-party company. As an employee, I need to upload a new dashboard containing data about all the third-party companies we work with. However, this third-party company that handles administration and support should not have access to any of this data. How can we use Power BI to achieve this?
Any idea? Maybe "My Workspace"?

1 ACCEPTED SOLUTION
RossEdwards
Solution Sage

Anyone with Admin privileges to your Power BI service has potential access to every workspace. As a Power BI Admin I can add myself to any workspace. Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.

 

This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.

 

In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data. If you cannot trust your 3rd party to handle sensitive data correctly then they should not have control of your Power BI.


5 REPLIES
v-xingshen-msft
Community Support

Hi @neverpingbr88 ,

If you want the third party company not to access your private data, if you have the role of the third party company in your workspace, it is not good to delete it; creating a new workspace without adding the third party company's personnel can also solve this problem.


At this point he has access to all my REPORTS or dashboards, but if a new workspace is created, no one from the third party company is added.


At this point third party staff will not be able to access your workspace, which means even less access to the dashboard about your private data.

However, if you can't create a new workspace, we can set up RLS to put a block on people from third party companies.


We set an always false condition to be given to this role, which means that this role does not have access to any data.


And then publish it to our Service.


At this point he can't see any data, ensuring the privacy of your data set.


I also found the following document for you, which I hope will be helpful.

Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn

 

Hope it helps!

 

Best regards,
Community Support Team_ Tom Shen

If this post helps then please consider Accept it as the solution to help the other members find it more quickly.

 

 

 

Any admin of the tenant can access any workspace with any role, even My workspaces, and RLS is no longer applied to users with the Admin, Member or Contributor role.

 

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

@v-xingshen-msft this advice misses the key point in the @neverpingbr88 post of "where all administrative services are operated by a third-party company". Row level security is ignored if a user has edit access to a workspace, thus if the third party can simply add themselves to the workspace then this restriction will do nothing to address @neverpingbr88's concern.

 

While the third party has admin access, nothing can be done to stop them viewing data. Methods can only create hoops to jump through to ensure they don't accidentally see data.
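
An added example, not part of any post in this thread: because the replies note that RLS is not applied to the Admin, Member and Contributor roles and that an admin can add themselves to a workspace, one detective control is to diff workspace role assignments between two snapshots. The JSON shape follows the Power BI admin REST API (`admin/groups?$expand=users`); the workspace name, domains and snapshots are constructed, and `assignments` and `audit` are hypothetical helper names.

```python
# Roles for which RLS is not enforced, per the replies in this thread.
RLS_BYPASS_ROLES = {"Admin", "Member", "Contributor"}

# Constructed snapshots shaped like the admin REST response of
# GET /v1.0/myorg/admin/groups?$expand=users (all names are made up).
BEFORE = {"value": [{"name": "Vendor Scorecards", "users": [
    {"emailAddress": "ana@corp.example", "groupUserAccessRight": "Admin"},
    {"emailAddress": "cfo@corp.example", "groupUserAccessRight": "Viewer"},
]}]}
AFTER = {"value": [{"name": "Vendor Scorecards", "users": [
    {"emailAddress": "ana@corp.example", "groupUserAccessRight": "Admin"},
    {"emailAddress": "cfo@corp.example", "groupUserAccessRight": "Viewer"},
    {"emailAddress": "bob@corp.example", "groupUserAccessRight": "Member"},
    {"emailAddress": "support@msp.example", "groupUserAccessRight": "Admin"},
]}]}


def assignments(snapshot, workspace):
    """Return {principal: role} for one workspace in a snapshot."""
    for group in snapshot.get("value", []):
        if group.get("name") == workspace:
            return {
                # Service principals may have no e-mail; fall back to identifier.
                (u.get("emailAddress") or u.get("identifier", "")).lower():
                    u.get("groupUserAccessRight", "")
                for u in group.get("users", [])
            }
    return {}


def audit(before, after, workspace, untrusted_domains):
    """List (principal, role, reason) findings for a restricted workspace."""
    old, new = assignments(before, workspace), assignments(after, workspace)
    findings = []
    for principal, role in sorted(new.items()):
        domain = principal.rsplit("@", 1)[-1]
        bypass = role in RLS_BYPASS_ROLES
        if domain in untrusted_domains:
            reason = "third party, RLS not enforced" if bypass else "third party, RLS applies"
            findings.append((principal, role, reason))
        elif bypass and old.get(principal) != role:
            findings.append((principal, role, "new RLS-bypassing grant"))
    return findings


if __name__ == "__main__":
    for finding in audit(BEFORE, AFTER, "Vendor Scorecards", {"msp.example"}):
        print(finding)
```

The snapshots have to be collected and reviewed by someone outside the third party, otherwise the control depends on the same people it is meant to watch.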

aj1973
Community Champion

Completely agree with @RossEdwards, and an untrusted third party should not have total control of the tenant, period. I just want to add that My workspaces are also accessible by the third party.

 

Regards
Amine Jerbi

