Pragmatic Works Blog

Power BI and Data Security - Data Classification

Written by Steve Hughes | May 05, 2017

As more enterprises adopt Power BI into their BI environment, questions still remain about data security. In his last webinar, our Business Intelligence Architect, Steve Hughes, discussed data security and compliance within the Power BI platform, including data classification, privacy levels and other settings that help manage security.

Expanding on his widespread knowledge of the topic, Steve has written a series of blog posts to answer specific questions about the service. His series will cover the following topics: privacy levels, on-premises data gateway, sharing data, as well as compliance and encryption.

The Power BI service is updated frequently. These articles were created based on the Power BI implementation in early April 2017. You may find improvements and changes that impact your experience that are based on newer releases. Feel free to add comments to highlight changes.

Power BI Data Classification

Data classification is a method available in Power BI which allows users to tag dashboards that alert consumers to sensitivity in their data. Data classifications are enabled and configured at the tenant level. Once established, a visible tag will be present on the dashboards.

Data classification is NOT a data security implementation. It is a tag for dashboards and can only be applied on the service, not on Power BI Desktop. If you plan on implementing this feature, you need matching policies and practices to support its use.

Power BI Privacy Levels

Power BI Privacy Levels “specify an isolation level that defines the degree that one data source will be isolated from other data sources."

After working through some testing scenarios and trying to discover the real impact to data security, I was unable to effectively show how this might have any bearing on data security in Power BI. During one test, I was shown a warning about using data from a website with data I had marked Organizational and Private.

In all cases, I was able to merge the data in the query and in the relationships with no warning or filtering. All of the documentation makes the same statement and most bloggers restate that Power BI documentation is not helpful.

My takeaway after reviewing this for a significant amount of time is to not consider these settings when evaluating data security in Power BI. I welcome comments or additional references which demonstrate how this isolation actually works in practice. In most cases, we are using organizational data within our Power BI solutions that will not be impacted by this setting and I find the performance improved after disabling it.

Here is the only instance where I was prompted about privacy levels while working with this. After marking it “public,” I proceeded to merge the data with a private connection. You may have a different experience than mine, however I would welcome comments to further the discussion on this topic.

References

Dashboard Data Classification

Power BI Desktop Privacy Levels

Power Query (Excel) Privacy Level Settings

Power BI Community Response on Privacy Levels

March 2016 Power BI Desktop Update – Search for Privacy Level

Webinar: Data Security in Power BI