Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
Hello all,
I am quite surprised about the fact that external users of a PowerBI report are able to see all the other users, including their e-mail adresses. In my opinion this should be seen as a GDPR-databreach.
How do you guys think of this?!
Regards, Arjan
Solved! Go to Solution.
Hi @ArjanvanLoon ,
The Show Azure Active Directory guests in lists of suggested people setting helps organizations limit visibility of external users in sharing experiences. When disabled, Azure Active Directory (Azure AD) guest users are not shown in people picker suggested users lists. This helps prevent accidental sharing to external users and seeing which external users have been added to your organization through Power BI sharing UIs.
Hope its what you are looking for.
Best Regards,
Jay
Hi @ArjanvanLoon ,
There are related options about guest users' permission in the admin portal.
For more details, please check the document.
https://docs.microsoft.com/en-us/power-bi/admin/service-admin-portal#export-and-sharing-settings
Best Regards,
Jay
Hello Jay,
Thanks for your reply but I don't see an option that is related to this issue.
Which setting did you have in mind with your post?
Regards, Arjan
Hi @ArjanvanLoon ,
The Show Azure Active Directory guests in lists of suggested people setting helps organizations limit visibility of external users in sharing experiences. When disabled, Azure Active Directory (Azure AD) guest users are not shown in people picker suggested users lists. This helps prevent accidental sharing to external users and seeing which external users have been added to your organization through Power BI sharing UIs.
Hope its what you are looking for.
Best Regards,
Jay
I think the description from the Microsoft documentation is a bit short, but you are absolutaly right. This setting also has effect on the list of people with access a shared report, so now our external guests can't open the list anymore.
Thank you very much for your help in this case!
Of course and thanks for your reply! So I case you share a report via the PowerBI Service with a list of guest-users, then it is possible for them (with only read-rights) to view the names and e-mail addresses of all other users!
So in case you share your report with people from different organisations, then all guests can view the list of all users. In my opinion that is a GDPR-breach, similar as we saw before with Teams meetings.
Interesting, I never give users, that I'ved shared a report with, permissions to reshare, as I want to control who has access. Thanks for sharing as I will have to test this
Agree, we also never reshare. So that is not the case for now.
So the users only have read permissions and are able to view the complete userlist... 😞
The shared image is a sample from internet to let you know about which page we are talking about. It is not our actuel case.
A little more context would help me understand the scenario
Thanks,
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
33 | |
30 | |
19 | |
12 | |
8 |
User | Count |
---|---|
51 | |
36 | |
29 | |
14 | |
12 |