In this blog post, I want to quickly discuss 2 things you need to know about Power BI Security as it relates to the Power BI Service. Many of the clients that I visit and perform training for are just getting into an implementation of Power BI and are not aware of these two items. I will probably come back and update this list as there are a couple more items I want to add, but those will take slightly more explanation!
Publish to Web should be disabled
The Publish to Web feature provides an iframe that allows a user to take a report and embed it anywhere an iframe is accepted. The problem is that the report is now 100% security free, and anyone who has access to the report has access to everything in it.
If you choose not to disable this feature, it should, at the very least, be limited to specific people within the organization who have received proper training. To disable or manage this feature you must perform the following steps:
- You must be a Power BI Administrator
- Next, select Admin Portal from the settings wheel found in the Power BI Service.
- From the admin portal, select Tenant Settings and then expand Publish to Web.
- Click on the button to disable the Publish to Web feature.
Direct Query to a relational database is not an RLS-enabled data source
Many users, especially users on later versions of SQL Server, incorrectly assume that a Direct Query connection to SQL Server will use the security restrictions applied at the database level. Unfortunately, this just isn’t the case.
Any user connecting to a report with Direct Query is using the stored credentials in the enterprise data gateway and therefore will have access to whatever the data gateway has access to. So, if you have enabled row level security on the tables in your database, it is not going to work with Direct Query.
However, you can and should add row level security to your Power BI data model (.pbix) file. This row level security will work and limit access as intended!
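To see why database-level row level security cannot tell report viewers apart behind stored gateway credentials, here is an added T-SQL example (not from the original post). Every object name, including the `PbiGateway` user standing in for the gateway's stored credential, is a hypothetical one constructed for the demo; it assumes a scratch database on SQL Server 2016 or later.

```sql
-- Constructed demo objects; all names are hypothetical. Run in a scratch database.
CREATE USER SalesRep1  WITHOUT LOGIN;
CREATE USER SalesRep2  WITHOUT LOGIN;
CREATE USER PbiGateway WITHOUT LOGIN;   -- stands in for the gateway's stored credential
GO
CREATE TABLE dbo.Sales (
    OrderId  int           PRIMARY KEY,
    SalesRep nvarchar(128) NOT NULL,
    Amount   money         NOT NULL
);
INSERT INTO dbo.Sales VALUES (1, N'SalesRep1', 100), (2, N'SalesRep1', 250), (3, N'SalesRep2', 75);
GRANT SELECT ON dbo.Sales TO SalesRep1, SalesRep2, PbiGateway;
GO
CREATE SCHEMA Security;
GO
-- Database-level RLS: a row is visible only when its SalesRep matches
-- the database user that owns the connection.
CREATE FUNCTION Security.fn_SalesPredicate (@SalesRep AS nvarchar(128))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS allowed WHERE @SalesRep = USER_NAME();
GO
CREATE SECURITY POLICY Security.SalesFilter
    ADD FILTER PREDICATE Security.fn_SalesPredicate(SalesRep) ON dbo.Sales
    WITH (STATE = ON);
GO
-- A user who connects directly is filtered to their own rows, as designed.
EXECUTE AS USER = 'SalesRep1';
SELECT USER_NAME() AS connected_as, COUNT(*) AS visible_rows FROM dbo.Sales;
REVERT;
GO
-- Every Direct Query report viewer arrives on the gateway's connection, so
-- USER_NAME() is always the gateway account. The predicate sees one identity
-- for all viewers and returns the same result set to each of them.
EXECUTE AS USER = 'PbiGateway';
SELECT USER_NAME() AS connected_as, COUNT(*) AS visible_rows FROM dbo.Sales;
REVERT;
GO
```

Exempting the gateway account in the predicate makes the report return data again, but then every viewer gets every row, which is why the filter has to live in the Power BI data model.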
Not sure how to set up Row Level Security in Power BI? That's ok! Click Here