cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
rsrwebsupport
Frequent Visitor

Separate report filters per customer

I want to make one "master" report in Power BI and then give each individual customer the ability the view the report but only with data from them.  For example, the report might be sales by month, so the customer would be able to see their own sales by month, but not sales for all customers.  Is this possible?  I originally looked at providing a filter to only show the one customer, but it seems like there's no secure way to do this according to this post.  They recommend RLS, but the application will be owning the data so every customer will essentially be sharing the same Power BI account.  Are there any other alternatives?  I know I could technically create a separate report for every customer, but that seems like overkill. 

 

Thanks.

1 ACCEPTED SOLUTION
rsrwebsupport
Frequent Visitor

I came up with a potential solution, but I'm wondering if there is a better approach or if there are any potential security concerns with this approach.

  • On the model, I added a unique token to each customer
  • I also added a custom "valid" measure to the model that returns a boolean - TRUE if HASONEFILTER is true on both the customer ID and the customer token
  • I added a measure on the sales model so that the sales values return the correct value if "valid" (i.e. both customer ID and customer token have a single filter) and return 0 otherwise
  • In the report, I added the sales measure rather than the "real" sales value
  • I made the report filters pane hidden
  • When the report gets embedded, I pass in the customer ID and token as filters on the embed URL, which results in a report that is filtered for that customer with no filters visible to the user

Can anyone poke any holes in this approach?  A hacker would need to know both a customer's ID and token to view their reports, so I think that would be secure?  Is there a better approach I could be using instead?

 

EDIT: I spoke with Microsoft support, and they said the preferred approach is RLS, but that would require every customer to have a Power BI account.  This isn't feasable in this case, so he said this workaround is probably the best approach given our constraints.  I'm still interested though if anyone can think of any potential security holes with this approach.

View solution in original post

1 REPLY 1
rsrwebsupport
Frequent Visitor

I came up with a potential solution, but I'm wondering if there is a better approach or if there are any potential security concerns with this approach.

  • On the model, I added a unique token to each customer
  • I also added a custom "valid" measure to the model that returns a boolean - TRUE if HASONEFILTER is true on both the customer ID and the customer token
  • I added a measure on the sales model so that the sales values return the correct value if "valid" (i.e. both customer ID and customer token have a single filter) and return 0 otherwise
  • In the report, I added the sales measure rather than the "real" sales value
  • I made the report filters pane hidden
  • When the report gets embedded, I pass in the customer ID and token as filters on the embed URL, which results in a report that is filtered for that customer with no filters visible to the user

Can anyone poke any holes in this approach?  A hacker would need to know both a customer's ID and token to view their reports, so I think that would be secure?  Is there a better approach I could be using instead?

 

EDIT: I spoke with Microsoft support, and they said the preferred approach is RLS, but that would require every customer to have a Power BI account.  This isn't feasable in this case, so he said this workaround is probably the best approach given our constraints.  I'm still interested though if anyone can think of any potential security holes with this approach.

View solution in original post

Helpful resources

Announcements
PBI_User Group Leader_768x460.jpg

Manage your user group events

Check out the News & Announcements to learn more.

Welcome Super Users.jpg

Super User Season 2

Congratulations, the new Super User Season 2 for 2021 has started!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

Top Solution Authors