cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Takasatsu
Frequent Visitor

PowerBI RS security issue: How to avoid direct access to Report Server URL through the web browser ?

Hi!

 

We have a serious security issue regarding Power BI Report Server.

We depolyed a power bi report server report URL on a web portal but the URL is easy to catch after inspection on the portal and a user can have access to data of all other customers.

So we would like to avoid direct access to the URL through the web browser.

Authentication mode on Power BI Report Server: SSO (SAML).
Data loading mode: Import.

 

Has anyone come across this requirement before? Any thoughts or suggested solutions would be greatly appreciated.

 

Thanks!

4 REPLIES 4
lukiz84
Responsive Resident
Responsive Resident

And the underlying data source? SSAS Tabular?

Hi @lukiz84 

 

We are using excel files as data source and the data loading mode is Import.

lukiz84
Responsive Resident
Responsive Resident

Can you clarify the problem? Don't you use RLS?

 

BR

Hi @lukiz84 

I would like to specify that we are using SSO (SAML) authentication mode on Power BI Report Server to avoid double authentication in the web portal, and with this mode we can not use RLS. What we are doing to manage users access to filtered data is adding filters in the Report Server URL.

The problem is that those filters are not hidden and could be modified or deleted from users after URL catching.

 

With best regards.

Helpful resources

Announcements
September Update

Check it Out!

Click here to learn more about the September 2022 updates!

Power BI Show episode 9

The Power BI Community Show

Watch the playback when Priya Sathy and Charles Webb discuss Datamarts! Kelly also shares Power BI Community updates.

Power BI Dev Camp Session 25

Ted's Dev Camp - August 25, 2022

Watch Session 25 of Ted's Dev Camp.