Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello!
I noticed, there is a lot of misunderstanding even on this forum about the publish to web function. I already know about the warning sign when publishing serves a warning information about the huge risk etc., but:
is there a way for anyone to discover my link with the exception of.:
- I'll give someone the link and the person may pass the link on (or worst case scenario: shares it with the social buttons)
- Someone puts a large effort to fabricate the correct link
The warning sign also tells me that Microsoft MAY publish the report on the data gallery. Is that a real risk or it's just a heads up?
Thanks alot!
Solved! Go to Solution.
@thegeng You should assume that this link is going to be public, or accessible by those who would be interested in discovering those. These aren't warnings to be ignored. If the data contains private information don't use publish to web.
@thegeng You should assume that this link is going to be public, or accessible by those who would be interested in discovering those. These aren't warnings to be ignored. If the data contains private information don't use publish to web.
Hi @Seth_C_Bauer,
Piggybacking this question, I understand your reply is the 'official' stance, and certainly applies for private information, but can you elaborate on the actual risks?
My use case is to share proof of concept/UAT reports with external parties before embedding in a public website. The data is not confidential, but the reports can be unfinished and buggy which doesn't look great for my brand.
The warning says Microsoft might publish it in a public gallery without asking, but how often does this happen? Ever?
You say I should assume someone interested in finding my report could find it - how would they find it?
I appreciate the risk is that a search tool is made available, but does it exist today? Is it in the roadmap?
Kind regards,
Max
@MaxW The major risk around Publish to Web is with the private company information being exposed to people who shouldn't see it. The URL's generated are not secured, so they are discoverable. In your case, your ultimate use case is external public sites, so it sounds like you just want to validate prior to publishing in the site itself. - valid use case.
To address some of the other questions:
MSFT using it: They haven't yet, but it is certianly a possibility. In that likelyhood, I would assume if you deleted the publish to web link that it would come off any published site.
Discoverability: When the feature was first released we would search portions of the generated URL's and actually get quite a few results simply by search engine. Talking to my security guys, they walked me through several ways in which it apparently wouldn't be that hard to build programs to search for valid links based on the URL strings generated. How someone goes about doing that, I have no idea) But as I mentioned. The danger is around some entity discovering company private information.
A publish to web finder tool: Uh, no.
My stance is based on an abundance of caution, and heeding explicit warnings. In my eyes, it is all about the data exposed. My recommendations are strong because the improper use of this feature could very well land people in a lot of hot water in their workplace if they don't understand the implications. (Company data security policies)
Thanks Seth,
Fantastic reply and exactly the detail I was looking for.
Kind regards,
Max
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.