The ultimate Microsoft Fabric, Power BI, Azure AI, and SQL learning event: Join us in Stockholm, September 24-27, 2024.
Save €200 with code MSCUST on top of early bird pricing!
Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
Hi all,
I work at a company where all administrative services are operated by a third-party company. As an employee, I need to upload a new dashboard containing data about all the third-party companies we work with. However, this third-party company that handles administration and support should not have access to any of this data. How can we use Power BI to achieve this?
Any ideia? Maybe "My Workspace" ?
Solved! Go to Solution.
Anyone with Admin priviledges to your Power BI service has potential access to every workspace. As a Power BI Admin I can add myself to any workspace. Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.
This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.
In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data. If you cannot trust your 3rd party to handle sensistive data correctly then they should not have control of your Power BI.
Hi @neverpingbr88 ,
If you want the third party company not to access your private data, if you have the role of the third party company in your workspace,
it is not good to delete it, you can create a new workspace without adding the third party company's personnel can also solve this problem.
At this point he has access to all my REPORTS or dashboards, but if a new workspace is created, no one from the third party company is added.
At this point third party staff will not be able to access your workspace, which means even less access to the dashboard about your private data.
However, if you can't create a new workspace, we can set up RLS to put a block on people from third party companies.
We set an always false condition to be given to this role, which means that this role does not have access to any data.
And then publish it to our Service.
At this point he can't see any data, ensuring the privacy of your data set.
At this point he can't see any data, ensuring the privacy of your data set.
I also found the following document for you, which I hope will be helpful.
Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn
Hope it helps!
Best regards,
Community Support Team_ Tom Shen
If this post helps then please consider Accept it as the solution to help the other members find it more quickly.
Any admin of the tenant can access any workspace with any role, even My workspaces and the RLS is no longer applied on users with Admin, Member or Contributor Role.
Regards
Amine Jerbi
If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook
@v-xingshen-msft this advice misses the key point in the @neverpingbr88 post of "where all administrative services are operated by a third-party company". Row level security is ignored if a user has edit access to a workspace, thus if the third party can simply add themselves to the workspace then this restriction will do nothing to address @neverpingbr88 concern.
While the third party has admin access, nothing can be done to stop them viewing data. Methods can only create hoops to jump through to ensure they don't accidently see data.
Completely agree with @RossEdwards and an untrusted third party should not have total control of the tenant period. I just want to add that My workspace are also accessible by the third party.
Regards
Amine Jerbi
If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook
Anyone with Admin priviledges to your Power BI service has potential access to every workspace. As a Power BI Admin I can add myself to any workspace. Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.
This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.
In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data. If you cannot trust your 3rd party to handle sensistive data correctly then they should not have control of your Power BI.
Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.
Check out the August 2024 Power BI update to learn about new features.
Learn from experts, get hands-on experience, and win awesome prizes.
User | Count |
---|---|
49 | |
18 | |
12 | |
10 | |
10 |
User | Count |
---|---|
118 | |
30 | |
28 | |
21 | |
20 |