OlafCdeWit
New Member

Uncertified visuals data security

Hi,

 

We are working on a report which shows incidents on or between specific locations. For the "between" functionality I have not found a certified visual that meets the requirements (show a line between two coordinate based locations, which either change colour or thickness based on number of incidents).

Therefore I want to use an uncertified visual, but my organization restricts the use of uncertified visuals due to data security and compatibility with Power BI updates.

 

So I have two questions:

1. Do we have a certified custom visual that meets my requirement (which I missed)?

2. Do visuals have access to data that is not used in the visual itself?

The reason for this question is that we do not use any restricted (personal or company sensitive) data in the visual itself, but such data is shown in other parts of the report. I know the visuals can send out data (which is probably why they are not certified), now I want to know to what extent they do this to assess the risk impact.

1 ACCEPTED SOLUTION
dm-p
Super User I

Hi @OlafCdeWit,

Visuals only have access to the data you add to them. They cannot query the data model of their own volition, so cannot just "reach in and take" whatever they want. Data is only supplied in one direction: from Power BI to the visual. 

It is however possible for the data that is supplied to the visual to be sent to an external endpoint via JS. I have not seen any uncertified visuals in AppSource that do this without explicitly stating it in their privacy policy.

I have a slide deck here which has a few diagrams of the visual query process plus some details on the permissions that visuals have. This may or may not be helpful but feel free to ask any specific questions and I'll see if I can provide further details. 

Regards,

Daniel







Hi @dm-p ,

 

This answers my question and reduces my concerns in using uncertified apps.

 

One more question though: In your slide deck on slide 8 you show how to check for 'Silent' comms. What is the tool you use for this?

 

Thank you for your help!

Hi @OlafCdeWit, and glad I could be of assistance 🙂

This particular slide highlights a web browser's development tools. With a report open in the service, you can open these up and see what network transactions might potentially be taking place.

You will typically see transactions when data in the visual changes (e.g. through filtering/slicing etc.) as your report is running client-side, whereas the data model is server-side. The report will get latest data from the model over HTTP as and when required.

You could profile a core or certified visual to see what endpoints are typically being called (as these may vary between regions). You could then repeat tests with an uncertified custom visual you're auditioning to ensure that the network profile looks about the same and nothing else is going on.

Regards,

Daniel
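
The baseline-and-compare check described in the reply above, as an added example that is not part of the original post: export a HAR file from the browser's development tools for the report with only core or certified visuals, export a second one after adding the uncertified visual and repeating the same interactions, then list the hosts and HTTP methods that appear only in the second capture. The host names and both sample captures are constructed; only the HAR 1.2 layout (`log.entries[].request`) is assumed.

```javascript
// Summarise one HAR 1.2 capture (dev tools HAR export) per contacted host.
function hostProfile(har) {
  const profile = new Map();
  for (const { request } of har.log.entries) {
    let u;
    try { u = new URL(request.url); } catch { continue; } // skip malformed URLs
    if (!/^(https?|wss?):$/.test(u.protocol)) continue;   // ignore data:, blob:
    const p = profile.get(u.host) || { requests: 0, methods: new Set(), bytesSent: 0 };
    p.requests += 1;
    p.methods.add(request.method);
    p.bytesSent += Math.max(request.bodySize || 0, 0);    // HAR uses -1 for unknown
    profile.set(u.host, p);
  }
  return profile;
}

// Report what the candidate capture does that the baseline never did.
function diffProfiles(baseline, candidate) {
  const findings = [];
  for (const [host, p] of candidate) {
    const base = baseline.get(host);
    const newMethods = [...p.methods].filter((m) => !base || !base.methods.has(m));
    if (newMethods.length === 0) continue; // same host, same methods as baseline
    findings.push({ host, newHost: !base, newMethods, requests: p.requests, bytesSent: p.bytesSent });
  }
  // Hosts never seen in the baseline first, then by request-body bytes sent.
  return findings.sort((a, b) => b.newHost - a.newHost || b.bytesSent - a.bytesSent);
}

// Constructed sample captures (placeholder hosts, not real service endpoints).
const entry = (method, url, bodySize = 0) => ({ request: { method, url, bodySize } });
const baselineHar = { log: { entries: [
  entry("POST", "https://api.report-service.example/query", 512),
  entry("GET", "https://cdn.report-service.example/visuals/core.js"),
] } };
const candidateHar = { log: { entries: [
  entry("POST", "https://api.report-service.example/query", 540),
  entry("GET", "https://cdn.report-service.example/visuals/custom.js"),
  entry("POST", "https://cdn.report-service.example/log", 100),
  entry("POST", "https://collector.visual-vendor.example/v1/events", 2048),
  entry("GET", "data:image/png;base64,AAAA", -1),
] } };

const findings = diffProfiles(hostProfile(baselineHar), hostProfile(candidateHar));
console.log(JSON.stringify(findings, null, 2));
```

Any host flagged with `newHost: true` and a non-zero `bytesSent` is the first thing to check against the visual's privacy policy before the visual is approved.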









Hi @dm-p ,

Thank you for the explanation, we will definitely consider this approach.

Br. Olaf
