Reply
neverpingbr88
New Member

Publish a Super Restricted Report

‎07-24-2024 02:35 PM

Hi all,

I work at a company where all administrative services are operated by a third-party company. As an employee, I need to upload a new dashboard containing data about all the third-party companies we work with. However, this third-party company that handles administration and support should not have access to any of this data. How can we use Power BI to achieve this?
Any ideia? Maybe "My Workspace" ?

Labels:
Message 1 of 6
377 Views
0
1 ACCEPTED SOLUTION
RossEdwards
Solution Sage
Solution Sage

‎07-24-2024 06:16 PM

Anyone with Admin priviledges to your Power BI service has potential access to every workspace.  As a Power BI Admin I can add myself to any workspace.  Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.

 

This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.

 

In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data.  If you cannot trust your 3rd party to handle sensistive data correctly then they should not have control of your Power BI.

View solution in original post

Message 2 of 6
331 Views
5 REPLIES 5
v-xingshen-msft
Community Support
Community Support

‎07-24-2024 07:32 PM

Hi @neverpingbr88 ,

If you want the third party company not to access your private data, if you have the role of the third party company in your workspace,

it is not good to delete it, you can create a new workspace without adding the third party company's personnel can also solve this problem.

vxingshenmsft_0-1721874541973.png

vxingshenmsft_1-1721874548492.png

At this point he has access to all my REPORTS or dashboards, but if a new workspace is created, no one from the third party company is added.

vxingshenmsft_2-1721874567996.png

At this point third party staff will not be able to access your workspace, which means even less access to the dashboard about your private data.

However, if you can't create a new workspace, we can set up RLS to put a block on people from third party companies.

vxingshenmsft_3-1721874580374.png

We set an always false condition to be given to this role, which means that this role does not have access to any data.

vxingshenmsft_4-1721874597998.png

And then publish it to our Service.

vxingshenmsft_5-1721874613003.png

vxingshenmsft_6-1721874620230.png

vxingshenmsft_7-1721874631520.png

At this point he can't see any data, ensuring the privacy of your data set.

 

vxingshenmsft_8-1721874651577.png

At this point he can't see any data, ensuring the privacy of your data set.

I also found the following document for you, which I hope will be helpful.

Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn

 

Hope it helps!

 

Best regards,
Community Support Team_ Tom Shen

If this post helps then please consider Accept it as the solution to help the other members find it more quickly.

 

 

 

Message 4 of 6
302 Views
0
aj1973
Community Champion
Community Champion
In response to v-xingshen-msft

‎07-24-2024 07:58 PM

Any admin of the tenant can access any workspace with any role, even My workspaces and the RLS is no longer applied on users with Admin, Member or Contributor Role.

 

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

Message 6 of 6
283 Views
0
RossEdwards
Solution Sage
Solution Sage
In response to v-xingshen-msft

‎07-24-2024 07:37 PM

@v-xingshen-msft  this advice misses the key point in the @neverpingbr88  post of "where all administrative services are operated by a third-party company".  Row level security is ignored if a user has edit access to a workspace, thus if the third party can simply add themselves to the workspace then this restriction will do nothing to address @neverpingbr88 concern.

 

While the third party has admin access, nothing can be done to stop them viewing data.  Methods can only create hoops to jump through to ensure they don't accidently see data.

Message 5 of 6
298 Views
0
aj1973
Community Champion
Community Champion

‎07-24-2024 07:23 PM

Completely agree with @RossEdwards and an untrusted third party should not have total control of the tenant period. I just want to add that My workspace are also accessible by the third party.

 

Regards
Amine Jerbi

If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook

Message 3 of 6
308 Views
0
RossEdwards
Solution Sage
Solution Sage

‎07-24-2024 06:16 PM

Anyone with Admin priviledges to your Power BI service has potential access to every workspace.  As a Power BI Admin I can add myself to any workspace.  Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.

 

This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.

 

In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data.  If you cannot trust your 3rd party to handle sensistive data correctly then they should not have control of your Power BI.

Message 2 of 6
332 Views
avatar user

Helpful resources

Announcements
March PBI video - carousel

Power BI Monthly Update - March 2025

Check out the March 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

Stop
View All
Top Solution Authors (Last Month)
View All
Top Kudoed Authors (Last Month)
View All