Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello everybody,
I am testing power bi and CRM. Today a big topic was the athorization. Let me explain (in my opinion) the difficulty of power bi by giving you an example:
Let's suppose that I have a work group called "CRM-TEST" and it includes me (the Admin of this group), Person A and Person B.
In order to successfully connect to CRM, the ADMIN has to have permission on the specific CRM URL which is given to him by the companie's responsible for CRM.
Now that Admin has it's permission, he connects to the given URL, gets several tables, makes Reports and shares them to the group "CRM-TEST".
1st problem: Person A, Person B don't have permission to CRM but still can see and update the dataset and the report.
2nd problem: after two weeks, the company's responsible decides (for whatever reason) to take the ADMIN's permission/authorization from CRM that he gave to him when he created the report (two weeks ago). BUT admin, Person A, Person B CAN STILL see and update the dataset and the report. The only thing that Admin can't do is GET NEW TABLES. The problem: now that Admin isn't anymore authorized to CRM, he shouldn't be able to update/see the dataset and the reports.
Now my question: am I doing somethin wrong or doesn't POWER BI have a solution to authorization questions?
The copmany's responsible of CRM goal is: to have control on power bi users on what they see and when they are able to see it.
Solved! Go to Solution.
You are saying that even if CRM online (that's what we're using) does require me to log in with a office 365 account when I want to get the data, it is not possible to control the connection AFTER THAT FIRST TIME when I got the data?
The connection should fail the next time a refresh is requested. The existing data is still accessible. (The same way it would be if you connected from an excel file).
That would mean that CRM by giving me the permission to have access to that data, it also gives me the permisison to give the permisison to other people in my group to see the data source and create/edit the reports?
By default, the report author passes on his permission level to the report user. UNLESS, you apply, or use, the tools to limit the view of end users. These options are.
RLS (Row Level Security) within Power BI
Direct Query to a SQL DB that supports RLS (Azure SQLDB, SQL 2016)
Live Connection to SSAS - where you would manage RLS in the model/cube
Both DQ and LC require that you manage your model/data in a different location other than in Power BI.
@gopowerbi I agree with smoupre. You'd have to get the data into a source that you could control. ie. SQL DB or SSAS where you would leverage Direct Query or Live Connection. Both of which require permissions on the data source and don't store data in Power BI.
Now depending on whether or not you are using CRM on premises or online, the online presents challenges in extracting the data, but it can be done. But this avenue is a lot more work to set up.
@Seth_C_Bauer & @Greg_Deckler thank you for you answers.
You are saying that even if CRM online (that's what we're using) does require me to log in with a office 365 account when I want to get the data, it is not possible to control the connection AFTER THAT FIRST TIME when I got the data?
That would mean that CRM by giving me the permission to have access to that data, it also gives me the permisison to give the permisison to other people in my group to see the data source and create/edit the reports?
You are saying that even if CRM online (that's what we're using) does require me to log in with a office 365 account when I want to get the data, it is not possible to control the connection AFTER THAT FIRST TIME when I got the data?
The connection should fail the next time a refresh is requested. The existing data is still accessible. (The same way it would be if you connected from an excel file).
That would mean that CRM by giving me the permission to have access to that data, it also gives me the permisison to give the permisison to other people in my group to see the data source and create/edit the reports?
By default, the report author passes on his permission level to the report user. UNLESS, you apply, or use, the tools to limit the view of end users. These options are.
RLS (Row Level Security) within Power BI
Direct Query to a SQL DB that supports RLS (Azure SQLDB, SQL 2016)
Live Connection to SSAS - where you would manage RLS in the model/cube
Both DQ and LC require that you manage your model/data in a different location other than in Power BI.
I'm not sure that your issue is unique to Power BI. If you did the same thing in Excel or in text CSV files, it's the same issue. Once you give someone access to a set of data, if they localize that data, you've lost control of who has access to the data.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
102 | |
53 | |
21 | |
13 | |
11 |