Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
OlafCdeWit
Frequent Visitor

Uncertified visuals data security

‎01-15-2021 04:38 AM

Hi,

 

We are working on a report which shows incidents on or between specific locations. For the "between" functionality I have not found a certified visual that meets the requirements (show an line between two coordinate based locations, which either change colour of thickness based on number of incidents).

Therefore I want to use an uncertified visual, but my organization restricts the use of uncertified visuals due to data security and compatibility with Power bI updates.

 

So I have two questions:

1. Do we have a certified custom visual that meets my requirement (which I missed)?

2. Do visuals have access to data that is not used in the visual itself?

The reason for this question is that we do not use any restricted (personal or company sensitive) data in the visual itself, but such data is shown in other parts of the report. I know the visuals can send out data (which is probably why they are not certified), now I want to know to what extend they do this to assess the risk impact.

Labels:
Message 1 of 5
1,836 Views
1 ACCEPTED SOLUTION
dm-p
Super User
Super User

‎01-15-2021 05:03 PM

Hi @OlafCdeWit,

Visuals only have access to the data you add to them. They cannot query the data model of their own volition, so cannot just "reach in and take" whatever they want. Data is only supplied in one direction: from Power BI to the visual. 

It is however possible for the data that is supplied to the visual to be sent to an external endpoint via JS. I have not seen any uncertified visuals in AppSource that do this without  explicitly stating it in their privacy policy.

I have a slide deck here which has a few diagrams of the visual query process plus some details on the permissions that visuals have. This may or may not be helpful but feel free to ask any specific questions and I'll see if I can provide further details. 

Regards,

Daniel





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


My course: Introduction to Developing Power BI Visuals


On how to ask a technical question, if you really want an answer (courtesy of SQLBI)




View solution in original post

Message 2 of 5
1,791 Views
0
4 REPLIES 4
dm-p
Super User
Super User

‎01-15-2021 05:03 PM

Hi @OlafCdeWit,

Visuals only have access to the data you add to them. They cannot query the data model of their own volition, so cannot just "reach in and take" whatever they want. Data is only supplied in one direction: from Power BI to the visual. 

It is however possible for the data that is supplied to the visual to be sent to an external endpoint via JS. I have not seen any uncertified visuals in AppSource that do this without  explicitly stating it in their privacy policy.

I have a slide deck here which has a few diagrams of the visual query process plus some details on the permissions that visuals have. This may or may not be helpful but feel free to ask any specific questions and I'll see if I can provide further details. 

Regards,

Daniel





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


My course: Introduction to Developing Power BI Visuals


On how to ask a technical question, if you really want an answer (courtesy of SQLBI)




Message 2 of 5
1,792 Views
0
OlafCdeWit
Frequent Visitor
In response to dm-p

‎01-18-2021 09:21 AM

Hi @dm-p ,

 

This answers my question and reduces my concerns in using uncertified apps.

 

One more question though: In you slidedeck on slide 8 you show how to check for 'Silent' comms. What is the tool you use for this?

 

Thank you for your help!

Message 3 of 5
1,754 Views
0
dm-p
Super User
Super User
In response to OlafCdeWit

‎01-18-2021 10:38 AM

Hi @OlafCdeWit, and glad I could be of assistance 🙂

This particular slide highlights a web browser's development tools. With a report open in the service, you can open these up and see what network transactions might potentially be taking place.

You will typically see transactions when data in the visual changes (e.g. through filtering/slicing etc.) as your report is running client-side, whereas the data model is server-side. The report will get latest data from the model over HTTP as and when required.

You could profile a core or certified visual to see what endpoints are typically being called (as these may vary between regions). You could then repeat tests with an uncertified custom visual you're auditioning to ensure that the network profile looks about the same and nothing else is going on.

Regards,

Daniel





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


My course: Introduction to Developing Power BI Visuals


On how to ask a technical question, if you really want an answer (courtesy of SQLBI)




Message 4 of 5
1,744 Views
0
OlafCdeWit
Frequent Visitor
In response to dm-p

‎01-20-2021 07:42 AM

Hi @dm-p ,

Thank you for the explanation, we will definitely consider this approach.

Br. Olaf

Message 5 of 5
1,708 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Kudoed Authors
View All