Adding row-level security to Power BI reports
Part four of a four-part series of blogs

To prevent the wrong people seeing the wrong data in your reports, you can create row-level security (for example, so only the London regional manager can see London data). This blog explains how!

  1. Securing Power BI Reports and Dashboards
  2. Row-level security in Power BI Desktop
  3. Row-level security in Power BI Service
  4. Who can see what in your reports (this blog)

This blog is part of a longer series, which together comprise a full online training course in Power BI Service.  You can see get details of our classsrom Power BI training courses here.

Posted by Andy Brown on 08 July 2017

You need a minimum screen resolution of about 700 pixels width to see our blogs. This is because they contain diagrams and tables which would not be viewable easily on a mobile phone or small laptop. Please use a larger tablet, notebook or desktop computer, or change your screen resolution settings.

Who can see what in your reports

This is one of the questions we get asked most frequently on our Power BI Desktop course. What data can people see when you publish a report?

For this report ... ... I've applied this filter.

Security is (to say the least) important.  Although this blog gives guidelines, you should carefully and separately check your report security works as you want it to.

Where you may have problems

The test will be whether someone can drill down to see the data in your report:

Drill-down

In Power BI Desktop you can drill down to see the data or records for a visualisation.

This shows all of the data which feed into the visualisation:

Underlying report data

However, you can only see the data meeting the current filter set.

Published reports

After publishing the report above, I can click on this button to export data:

Exporting data

You can export data from a published visualisation.

Worryingly, you can choose to export all of the underlying data for a visualisation:

Export data options

You can export the data for our chart to an Excel workbook.

 

The results?  A full spreadsheet of the data which feed into the visualisation:

Underlying data in Excel

So if you publish a visualisation, you're also publishing access to the underlying data.

Shared dashboards

With dashboards, the situation is similar.  You can click on any dashboard to go to the underlying report:

Going to report

You can also open a dashboard's menu to do the same thing, using the option shown above.

From there, you can export the report's data as before.  You can also choose to export the dashboard's data, although this only gives you the data shown in the dashboard:

Export dashboard data

If you choose this option, you get a CSV file of the data shown in the dashboard.

Here's what you would see for this example:

List of venues

A CSV file giving the data shown in the dashboard.

 

This doesn't claim to be an exhaustive study, but it seems that when you share reports or dashboards, you have to accept that people can see the underlying data.

  1. Securing Power BI Reports and Dashboards
  2. Row-level security in Power BI Desktop
  3. Row-level security in Power BI Service
  4. Who can see what in your reports (this blog)
This blog has 0 threads Add post