Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
user01650
New Member

Using Copilot to circumvent Row Level Security

‎06-11-2024 03:06 PM

While testing the "Preview" toggle of Copilot within Power BI Service, I observed that it queries the dataset directly to provide answers, unlike the previous method that relied on page visuals. This raises a potential security issue.

 

During today's test with a user who had Row-Level Security (RLS) applied to two reports, I noticed a concern. The user, who should only access data for a specific customer (say, Customer ABC), and whose report visuals only display data for that customer, was able to retrieve data for Customer XYZ when querying Copilot, even though they should not have access to that information.

 

This issue occurs only when the "Preview" toggle is active. If the toggle is off, and they inquire about Customer XYZ, there is no response. Additionally, I found that Copilot cannot utilize table relationships to identify rows related to Customer XYZ if the report lacks a customer column and instead uses an Account Number or a similar identifier. However, if a user knows the data structure in a report, they can query information they shouldn't access.

 

Is there an ongoing development for a solution, or is there a way to prevent this issue other than disabling Copilot at the Tenant level?

 

Thank you in advance for any assistance you may be able to provide us in this matter, it is greatly appreciated.

Message 1 of 3
3,540 Views
2 REPLIES 2
AlexisOlson
Super User
Super User

‎06-11-2024 03:54 PM

That's a pretty bad security problem. Copilot should inherit the user's permissions.

 

I'd recommend posting this in the Issues forum

https://community.fabric.microsoft.com/t5/Issues/idb-p/Issues

Message 3 of 3
3,512 Views
0
GilbertQ
Super User
Super User

‎06-11-2024 03:19 PM

Hi @user01650 

 

This is my certain issue due to the preview phase of using Power BI. This is an ongoing challenge and I'm certain to be resolved when it goes GA.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 3
3,521 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All
Top Solution Authors
View All