Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

External B2B Users can view all Internal Power BI Apps

Looks like any Power BI App shared with the Entire Org is visiable to the External Users once signed up to view the first App.  By clikcing on App then Get More Apps they can see all Apps Shared Internallly with the Entire Org.  This seems like a bug!!

Status: Needs Info
Comments
v-jiascu-msft
Employee

Hi @rayishome,

 

I can't reproduce this issue. 

1. Can you confirm if these users are in the same tenant? They can be in the same tenant though they have different domain. Like user@a.com and user@b.com. Please refer to: can-i-add-a-domain-to-my-tenant.

2. Can you share more detailed steps that I can use to reproduce?

 

I will appreciate it if you can give some feedback. Thanks in advance.

 

Best Regards!

Dale

Vicky_Song
Impactful Individual
Status changed to: Needs Info
 
rayishome
Resolver I

I can confirm the domain is not part of the tenant.  We created the email to test external use cases.  This email received an invite from the b2b process.  What's interesting is this email was used previously to share dashboards externally and was given guest access another workspace.  

v-jiascu-msft
Employee

Hi @rayishome,

 

One more thing needs to be confirmed. You mean the guest can access the other part of the same App workspace. Or another Apps. For example, App One has two dashboards a and b. There is also an App named App two. You share dashboard a to a guest. Now the guest can access dashboard a and b? Or the guest can access App Two which isn't share with the guest?

 

Best Regards,

Dale

rayishome
Resolver I

The email account can see any app that's shared with the entire organization. 

v-jiascu-msft
Employee

Hi @rayishome,

 

Please create a support ticket here. I can't reproduce the same issue with yours. If the external user doesn't have the link, they can't access the App workspace.createATicket.gif

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Best Regards,

Dale

cdok1091
Frequent Visitor

I have the exact same problem.  I created an AAD B2B security group for external / guest users.  Then I explicitly shared a Power BI app with that security group.  When a guest user in that security group goes to 'get apps', that user can see all apps shared with all users in the AAD. 

 

When a guest security group is created, the members of that group should be able to see only the apps that have been explicitly shared with them.  The members of a security group containing external users should NOT inherit access to other apps published to 'all' [internal] users.  This is a serious problem and needs immediate correction. 

 

Please advise when this is fixed!

rayishome
Resolver I

I opened a ticket as suggested and spoke with a Support Engineer.  It looks like it's working as Designed treating anyone that shows up in the AD User List, Guest or not, as Internal allowing them access to App's published to the Entire Org.

cdok1091
Frequent Visitor

This is a deal-breaker for using Power BI for scalable external reporting.  We need to prevent access to internal-only Apps by external users ASAP. 

 

Ideas...

Maybe a separate destinations to which Apps can be published -- internal-only audiences vs. internal/external users? 

 

Or, when publishing Apps, a required toggle that allows discoverability/access by AAD B2B security groups containing external users?  Furthermore, perhaps a requirement to explicitly define which security groups are allowed to discover/access?

Ajay
Employee

Hi, We are looking into this issue now. Thanks for the feedback/