Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
willatkinson
Helper I
Helper I

Sharepoint online data security

‎09-18-2024 05:58 AM

Hi,

 

I had a request from a user who tried to share their report with a colleague, but they were unable to view the data in the report.

 

The source for the report was an excel file held in sharepoint online, so I suggested that their colleague needed to be granted access to the sharepoint file in order to access the report.

 

I understand that this could cause an issue if the user wanted their report to be viewed but not the source file, but in this incident it wasn't an issue.

 

 

 

However, whilst looking at a report for another user, I noticed that some of the visuals were referencing a source in a sharepoint online location. 

 

Now I could see the data in the visual in the service version and the pbix version of the report, but when I went onto data source settings and copied the link to their sharepoint site, I saw that I did not have access to the site.

 

 

Does anyone know how it is possible for someone to view data in a report where they don't have access the source file in sharepoint online?

 

We were looking into data source credentials in the service version of the report, and were trying to work out if it was to do with the report itself always having the creators sign in credentials added so that anyone they share the report with can view it?

 

 

Any help would be greatly appreciated, although not looking for RLS solutions please!

 

 

Cheers,

 

Will

Labels:
Message 1 of 8
241 Views
0
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User

‎09-18-2024 01:55 PM

Don't forget that the connection user scope does not need to match the scope of the report user. In fact, this is one of the min causes for accidental oversharing (exactly the things that RLS is attempting to restrict).

 

To make matters even more interesting you can be given access to a file in a sharepoint but NOT to the actual sharepoint site.  Now that is truly messed up 🙂

View solution in original post

Message 2 of 8
202 Views
0
7 REPLIES 7
v-denglli-msft
Community Support
Community Support

Thursday

Hi @willatkinson ,

May I ask if you have gotten this issue resolved?

If it is solved, please mark the helpful reply or share your solution and accept it as solution, it will be helpful for other members of the community who have similar problems as yours to solve it faster .

Thank you very much for your kind cooperation!

Best Regards,
Dengliang Li.

Message 8 of 8
60 Views
0
lbendlin
Super User
Super User

‎09-18-2024 01:55 PM

Don't forget that the connection user scope does not need to match the scope of the report user. In fact, this is one of the min causes for accidental oversharing (exactly the things that RLS is attempting to restrict).

 

To make matters even more interesting you can be given access to a file in a sharepoint but NOT to the actual sharepoint site.  Now that is truly messed up 🙂

Message 2 of 8
203 Views
0
willatkinson
Helper I
Helper I
In response to lbendlin

‎09-20-2024 01:53 AM

So does this mean someone can view data in a report, even if they don't have access to the sharepoint site?

Message 3 of 8
165 Views
0
lbendlin
Super User
Super User
In response to willatkinson

‎09-20-2024 04:16 AM

Yes, if the connection owner has access.

Message 4 of 8
160 Views
0
willatkinson
Helper I
Helper I
In response to lbendlin

Monday

Oh ok thanks thats good to know. How do you configure this in the report in the PBI service?

Message 5 of 8
125 Views
0
willatkinson
Helper I
Helper I
In response to willatkinson

Monday

 

 

Configure 2.PNG

Do these authentication methods affect this?

Message 6 of 8
113 Views
0
lbendlin
Super User
Super User
In response to willatkinson

Monday

Not sure what you mean. Only OAuth2 is supported.

Message 7 of 8
103 Views
0

Helpful resources

Announcements
Sept PBI Carousel

Power BI Monthly Update - September 2024

Check out the September 2024 Power BI update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

Sept NL Carousel

Fabric Community Update - September 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All