Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
gopowerbi
Frequent Visitor

authorization concept

‎08-18-2016 03:01 AM

Hello everybody,

 

I am testing power bi and CRM. Today a big topic was the athorization. Let me explain (in my opinion) the difficulty of power bi by giving you an example:

 

Let's suppose that I have a work group called "CRM-TEST" and it includes me (the Admin of this group), Person A and Person B.

In order to successfully connect to CRM, the ADMIN has to have permission on the specific CRM URL which is given to him by the companie's responsible for CRM.

Now that Admin has it's permission, he connects to the given URL, gets several tables, makes Reports and shares them to the group "CRM-TEST".

 

1st problem: Person A, Person B don't have permission to CRM but still can see and update the dataset and the report.

 

2nd problem: after two weeks, the company's responsible decides (for whatever reason) to take the ADMIN's permission/authorization from CRM that he gave to him when he created the report (two weeks ago). BUT admin, Person A, Person B CAN STILL see and update the dataset and the report. The only thing that Admin can't do is GET NEW TABLES. The problem: now that Admin isn't anymore authorized to CRM, he shouldn't be able to update/see the dataset and the reports.

 

Now my question: am I doing somethin wrong or doesn't POWER BI have a solution to authorization questions?

 

The copmany's responsible of CRM goal is: to have control on power bi users on what they see and when they are able to see it.

Message 1 of 5
6,101 Views
0
1 ACCEPTED SOLUTION
Seth_C_Bauer
MVP
In response to gopowerbi

‎08-22-2016 06:55 AM

@gopowerbi

You are saying that even if CRM online (that's what we're using) does require me to log in with a office 365 account when I want to get the data, it is not possible to control the connection AFTER THAT FIRST TIME when I got the data?

The connection should fail the next time a refresh is requested. The existing data is still accessible. (The same way it would be if you connected from an excel file). 

 

That would mean that CRM by giving me the permission to have access to that data, it also gives me the permisison to give the permisison to other people in my group to see the data source and create/edit the reports?

By default, the report author passes on his permission level to the report user. UNLESS, you apply, or use, the tools to limit the view of end users. These options are.

RLS (Row Level Security) within Power BI

Direct Query to a SQL DB that supports RLS (Azure SQLDB, SQL 2016)

Live Connection to SSAS - where you would manage RLS in the model/cube

 

Both DQ and LC require that you manage your model/data in a different location other than in Power BI.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

View solution in original post

Message 5 of 5
7,624 Views
0
4 REPLIES 4
Seth_C_Bauer
MVP

‎08-18-2016 06:41 AM

@gopowerbi I agree with smoupre. You'd have to get the data into a source that you could control. ie. SQL DB or SSAS where you would leverage Direct Query or Live Connection. Both of which require permissions on the data source and don't store data in Power BI.

Now depending on whether or not you are using CRM on premises or online,  the online presents challenges in extracting the data, but it can be done. But this avenue is a lot more work to set up.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG
Message 3 of 5
6,086 Views
0
gopowerbi
Frequent Visitor
In response to Seth_C_Bauer

‎08-21-2016 11:12 PM

@Seth_C_Bauer & @Greg_Deckler thank you for you answers.

 

You are saying that even if CRM online (that's what we're using) does require me to log in with a office 365 account when I want to get the data, it is not possible to control the connection AFTER THAT FIRST TIME when I got the data?

That would mean that CRM by giving me the permission to have access to that data, it also gives me the permisison to give the permisison to other people in my group to see the data source and create/edit the reports?

Message 4 of 5
6,074 Views
0
Seth_C_Bauer
MVP
In response to gopowerbi

‎08-22-2016 06:55 AM

@gopowerbi

You are saying that even if CRM online (that's what we're using) does require me to log in with a office 365 account when I want to get the data, it is not possible to control the connection AFTER THAT FIRST TIME when I got the data?

The connection should fail the next time a refresh is requested. The existing data is still accessible. (The same way it would be if you connected from an excel file). 

 

That would mean that CRM by giving me the permission to have access to that data, it also gives me the permisison to give the permisison to other people in my group to see the data source and create/edit the reports?

By default, the report author passes on his permission level to the report user. UNLESS, you apply, or use, the tools to limit the view of end users. These options are.

RLS (Row Level Security) within Power BI

Direct Query to a SQL DB that supports RLS (Azure SQLDB, SQL 2016)

Live Connection to SSAS - where you would manage RLS in the model/cube

 

Both DQ and LC require that you manage your model/data in a different location other than in Power BI.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG
Message 5 of 5
7,625 Views
0
Greg_Deckler
Super User
Super User

‎08-18-2016 05:52 AM

I'm not sure that your issue is unique to Power BI. If you did the same thing in Excel or in text CSV files, it's the same issue. Once you give someone access to a set of data, if they localize that data, you've lost control of who has access to the data. 


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 2 of 5
6,091 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All