Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
vanessafvg
Super User
Super User

Using Power BI Desktop instead of the full shebang , - thoughts on security?

‎04-10-2017 12:31 PM

I am currently working for a client who haven't really decided on the cloud yet due to being an old school traditional type finance institution.  They also dont really have a relational database structure.  They have given me csv's that would be output from an email type system to create their dashboards.  Some of their requirments are to let the sales people see their data but only their data.

 

I was wondering if anyone had had this issue before and if there is a way to handle it without pushing to the cloud.  If they were pulling from a database i would think setting up a pbit template and applying permissions on the database side would be the right way, however with csv's i dont have that luxury.  Is there any way to apply any security in this scenario?

 

I was also wondering if anyone here works for a finance company who are with good reason precious about their data and if they are using the power bi service and how they got buy in to use it. Ie how secure is data in the cloud on the power bi service.  Specifically if they want to keep the data in the european domain due to those regulations.

 

thanks

 





If I took the time to answer your question and I came up with a solution, please mark my post as a solution and /or give kudos freely for the effort 🙂 Thank you!

Proud to be a Super User!




Labels:
Message 1 of 4
648 Views
0
3 REPLIES 3
dkay84_PowerBI
Employee
Employee

‎04-10-2017 12:49 PM

For any type of RBAC in this context, you would need to have either A) roles on the DB side like you described, or B) RLS defined in PBI desktop and enforced in the service, which requires the company to have an O365 tenant (and likely Pro licenses which aren't free).

 

As for moving a hesitant company to the cloud, please refer to the following sources for security info:

https://www.microsoft.com/en-us/trustcenter/security/powerbi-security

https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-power-bi-security/

 

Of course, there is always more than just security concerns that block a company from adopting the cloud, but it sounds like security isn't their biggest concern given the system you described of outputting csv's vs. a secure database solution.

 

With regards to a European client, if they set up their O365 tenant in Europe, then the data should never leave that region.  

Message 3 of 4
638 Views
vanessafvg
Super User
Super User
In response to dkay84_PowerBI

‎04-10-2017 01:43 PM

hi @dkay84_PowerBI and @DSimma yep all of that i have pretty much come up with too, as i said the service isn't an option because its in the cloud so row level security  wouldn't work.      The solution with every persons file is a bit of a hassle, but maybe setting up a template and passing a parameter based on the user to the location of the files might work.  Thanks for the response.

 

All their data sits on their network and i work with their machine in their environment, so for them they see that as secure because its within their control.  I have read the security white paper before but it would be interesting to know if anyone in a finance company had gone this route, there are still a lot of companies out there who are nervous to put their data in the cloud.

 

In terms of the tenant, as long as the first user that logs into the  power bi service from a company logs in in the european area, they will be on the european tenant,  i am not sure you can move it if you log in for the first time elsewhere (like on a business trip from china),  that was a while ago where you were stuck in that tenant, if you logged into for the first time if you were physically outside your area, not sure if they have changed it now.

 

 





If I took the time to answer your question and I came up with a solution, please mark my post as a solution and /or give kudos freely for the effort 🙂 Thank you!

Proud to be a Super User!




Message 4 of 4
601 Views
0
DSimma
Advocate II
Advocate II

‎04-10-2017 12:37 PM

You could use Row Level Security, but that would need to be published to service. This is the ideal approach.

 

You could create multiple copies of the report, just a save as and edit the queries to only pull in certain data, this way each "copy"
would have different data. But if you hand out the PBIX and it has access to all the data, then likely they could edit the queries themself and change it to see all data.

Message 2 of 4
645 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All