- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Publish a Super Restricted Report
Hi all,
I work at a company where all administrative services are operated by a third-party company. As an employee, I need to upload a new dashboard containing data about all the third-party companies we work with. However, this third-party company that handles administration and support should not have access to any of this data. How can we use Power BI to achieve this?
Any ideia? Maybe "My Workspace" ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anyone with Admin priviledges to your Power BI service has potential access to every workspace. As a Power BI Admin I can add myself to any workspace. Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.
This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.
In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data. If you cannot trust your 3rd party to handle sensistive data correctly then they should not have control of your Power BI.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @neverpingbr88 ,
If you want the third party company not to access your private data, if you have the role of the third party company in your workspace,
it is not good to delete it, you can create a new workspace without adding the third party company's personnel can also solve this problem.
At this point he has access to all my REPORTS or dashboards, but if a new workspace is created, no one from the third party company is added.
At this point third party staff will not be able to access your workspace, which means even less access to the dashboard about your private data.
However, if you can't create a new workspace, we can set up RLS to put a block on people from third party companies.
We set an always false condition to be given to this role, which means that this role does not have access to any data.
And then publish it to our Service.
At this point he can't see any data, ensuring the privacy of your data set.
At this point he can't see any data, ensuring the privacy of your data set.
I also found the following document for you, which I hope will be helpful.
Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn
Hope it helps!
Best regards,
Community Support Team_ Tom Shen
If this post helps then please consider Accept it as the solution to help the other members find it more quickly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any admin of the tenant can access any workspace with any role, even My workspaces and the RLS is no longer applied on users with Admin, Member or Contributor Role.
Regards
Amine Jerbi
If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@v-xingshen-msft this advice misses the key point in the @neverpingbr88 post of "where all administrative services are operated by a third-party company". Row level security is ignored if a user has edit access to a workspace, thus if the third party can simply add themselves to the workspace then this restriction will do nothing to address @neverpingbr88 concern.
While the third party has admin access, nothing can be done to stop them viewing data. Methods can only create hoops to jump through to ensure they don't accidently see data.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Completely agree with @RossEdwards and an untrusted third party should not have total control of the tenant period. I just want to add that My workspace are also accessible by the third party.
Regards
Amine Jerbi
If I answered your question, please mark this thread as accepted
and you can follow me on
My Website, LinkedIn and Facebook
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anyone with Admin priviledges to your Power BI service has potential access to every workspace. As a Power BI Admin I can add myself to any workspace. Assuming they are the ones that create workspaces, it should be possible for them to create a workspace and remove themselves from it but also grant you (or someone else) admin access to that workspace.
This solution won't prevent them from seeing the content but would create a set of steps that they would have to go through to grant themselves the access.
In the world of data, some amount of acceptance is needed that a group will have the ability to see sensitive data. If you cannot trust your 3rd party to handle sensistive data correctly then they should not have control of your Power BI.

Helpful resources
Subject | Author | Posted | |
---|---|---|---|
01-20-2025 01:14 AM | |||
06-25-2024 06:17 AM | |||
09-25-2024 04:15 PM | |||
10-09-2024 04:21 AM | |||
09-18-2024 03:37 PM |