Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
ArjanvanLoon
Frequent Visitor

Sharing permissions of other users vissible to all external users, GDPR breach?

Hello all,


I am quite surprised about the fact that external users of a PowerBI report are able to see all the other users, including their e-mail adresses. In my opinion this should be seen as a GDPR-databreach.

 

How do you guys think of this?!

 

Regards, Arjan

1 ACCEPTED SOLUTION

Hi @ArjanvanLoon ,

 

The Show Azure Active Directory guests in lists of suggested people setting helps organizations limit visibility of external users in sharing experiences. When disabled, Azure Active Directory (Azure AD) guest users are not shown in people picker suggested users lists. This helps prevent accidental sharing to external users and seeing which external users have been added to your organization through Power BI sharing UIs.

Hope its what you are looking for.

 

Best Regards,

Jay

Community Support Team _ Jay
If this post helps, then please consider Accept it as the solution
to help the other members find it.

View solution in original post

8 REPLIES 8
v-jayw-msft
Community Support
Community Support

Hi @ArjanvanLoon ,

 

There are related options about guest users' permission in the admin portal.

1.PNG

For more details, please check the document.

https://docs.microsoft.com/en-us/power-bi/admin/service-admin-portal#export-and-sharing-settings 

 

Best Regards,

Jay

Community Support Team _ Jay
If this post helps, then please consider Accept it as the solution
to help the other members find it.

Hello Jay,

Thanks for your reply but I don't see an option that is related to this issue.

Which setting did you have in mind with your post?

Regards, Arjan

Hi @ArjanvanLoon ,

 

The Show Azure Active Directory guests in lists of suggested people setting helps organizations limit visibility of external users in sharing experiences. When disabled, Azure Active Directory (Azure AD) guest users are not shown in people picker suggested users lists. This helps prevent accidental sharing to external users and seeing which external users have been added to your organization through Power BI sharing UIs.

Hope its what you are looking for.

 

Best Regards,

Jay

Community Support Team _ Jay
If this post helps, then please consider Accept it as the solution
to help the other members find it.

I think the description from the Microsoft documentation is a bit short, but you are absolutaly right. This setting also has effect on the list of people with access a shared report, so now our external guests can't open the list anymore.

 

Thank you very much for your help in this case!

ArjanvanLoon
Frequent Visitor

Of course and thanks for your reply! So I case you share a report via the PowerBI Service with a list of guest-users, then it is possible for them (with only read-rights) to view the names and e-mail addresses of all other users!

 
 

So in case you share your report with people from different organisations, then all guests can view the list of all users. In my opinion that is a GDPR-breach, similar as we saw before with Teams meetings.

 

manage-dashboard-permissions-page.png

 

Interesting, I never give users, that I'ved shared a report with, permissions to reshare, as I want to control who has access.  Thanks for sharing as I will have to test this

Agree, we also never reshare. So that is not the case for now.

So the users only have read permissions and are able to view the complete userlist... 😞


The shared image is a sample from internet to let you know about which page we are talking about. It is not our actuel case.

blopez11
Super User
Super User

A little more context would help me understand the scenario

Thanks,

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.