I had been part of such projects where confidentiality of the data was a prime concern. In such scenarios, we design the report/data model using the dummy data. All row level security also being applied during this. And then once it has been tested, the report can be connected with the live data, to which, access can be restricted. The finance team/CFO team can be the owner/admin of the report and they can control who can have access to what level of data.
Hope this makes sense.
If it helps, please mark it as a solution Kudos would be a cherry on the top 🙂