In the previous post, I looked at some of the features of Power BI paginated reports. What was still unclear is how security works.
Turned out it works pretty much as one would expect. Users having no access to the data won’t see that data in the report.
Unless the report has NOT been configured to use credentials of the viewing user.
But first things first. For those new to Power BI administration, keep in mind you may need to be gives permissions to share reports from the previous workspace, and, for that, you need to be given “Member” role:
Unless you are given a role that allows sharing, you will likely be getting a little ugly error when trying to share. Although, you will still be able to publish a report if you are at least a contributor, and, then, somebody else could share it with the other users.
That’s the first level of “security” – if a user does not have access to the workspace, the report would have to be shared with them.
Once it is shared, you will find that user’s ability to see data in the report depends on how the datasource has been configured.
You can configure report datasource through the “manage” action:
Then just make sure the checkbox above (“Report viewers can only access this data source with their own Power BI identities using DirectQuery”). When that option is selected, Power BI will use report viewer credentials to load data from Dataverse.
If the option is not selected, Power BI will be using default data source credentials (those will usually be of the report author’s).
In other words, if the option is not selected OR if the user has permissions to see data, all data will be visible (#1 on the screenshot below).
If the option is selected AND if the user viewing the report does not have permissions to see certain data, that data will not show up:
So, if you are concerned about the security in paginated reports… it seems you should not be. It’s all been taken care of.
The one remaining piece is better integration with model-driven apps (running reports for the grids, running them from the command bar, etc). That will likely require some scripting, but let me see if I can come up with something in one of the next post.