Set Up Power BI Published Data Sources for Restricting Access to Reporting Data

  • Updated

In this guide, you will learn how to set up a published report and data source that you can securely share within your organization. It uses Microsoft OneLake and Microsoft Entra to manage access to the reports and underlying data sources.

This enhances report and data security while maintaining seamless access to valuable insights for your users. This example includes restricting access to Snowflake by using network access policies to improve security further.

Solution Design

 

Components

  • Snowflake - Customer Tenant:
    • DB: Represents the customer database hosted in Snowflake.
  • Microsoft - Power BI Service - Customer Tenant:
    • Semantic Model: This data model integrates data from the Snowflake database. It includes:
      • Credentials: Authentication credentials are managed to allow access to the database.
      • Permissions: Access permissions are set to control who can access the data.
    • Reports: These are the Power BI reports created based on the Semantic Model. They are published within the Power BI Service.
  • Power BI Desktop:
    • Report: Power BI Desktop is used to develop reports that are authenticated with the organization through Microsoft Entra.
    • Reports created here can be published to the Power BI Service.
  • DB (within Microsoft Customer Tenant):
    • Additional databases, such as those within the customer's environment, can be accessed as part of the semantic model.

Data Flow and Access Control

  1. Data Source Integration:
    • The Snowflake DB, hosted within the customer tenant, serves as the primary data source.
    • The Semantic Model in the Power BI Service pulls data from Snowflake DB. This model handles data transformations and aggregations.
  2. Publishing and Access:
    • Once configured with the necessary credentials and permissions, the Semantic Model is published to the Power BI Service.
    • The published model ensures that only authorized users can access the data as defined by the credentials and permissions.
  3. Report Generation and Access:
    • Reports are generated in Power BI Desktop using the Semantic Model and data from the integrated DB.
    • These reports are authenticated through Entra, ensuring that access is restricted to authorized personnel within the organization.
  4. Power BI Service Reports:
    • Once reports are published to the Power BI Service, they leverage the centralized Semantic Model.
    • The centralization of the Semantic Model ensures consistency across reports and simplifies the management of data access and permissions.

 

Setup

This solution requires the following:

  • Records Administrator access to the RecordPoint platform.
  • Power BI Desktop is required to publish the reports.
  • A subscription to the Power BI service.
  • Access to Snowflake.

The setup consists of two key steps. In the first step, we download the reports locally and publish them using Power BI Desktop. We then set up access to the published reports in the Power BI service.

 

Step 1 - Publish Your Report and Data Source to OneLake Data Hub

This approach uses Power BI Desktop to publish a report and data source, also known as a semantic model, to the Power BI service.

Download the report you wish to publish

  • Login to Records365.
  • Navigate to the Administration page by clicking the cog wheel on the top bar.
  • Click on Reporting from the left-hand navigation menu.
  • Click the Enterprise tab.
  • Download the Power BI file for the report you want to publish.

Connecting the report to your tenant

Now that you have downloaded the report, you can access data from Records365 in Power BI. Let's set up the dashboard and connect it to your Records365 tenancy.

First, we must get the connection details for the Power BI report from Records365. Below are the values and their mapping to their respective fields for the Power BI report

RecordPoint field PowerBI field
Server URL Server
Database name Database
User name User name
Password Password

 

Note: For first-time use, you may need to generate a password using the Generate new password button. Once you have generated a password, use the Copy button to retrieve the password value.

  • Open the downloaded report using Power BI desktop
  • If presented with a Potential Security Risk dialog, select OK to continue
  • As the report loads, it will prompt you for your connection details. Please enter the relevant values as outlined above

Click Run for all Native Database Query dialog forms.

Your data will start loading into the report.

Publish the Report to the Power BI Service

  • In Power BI Desktop, choose File > Publish > Publish to Power BI or select Publish on the Home ribbon.

  • Sign in to Power BI if you aren't already signed in.
  • Select the destination. You can search your list of workspaces to find the workspace you want to publish. The search box lets you filter your workspaces. Select the workspace, and then click the Select button to publish.

  • Once the publishing is complete, you will receive a link to your report. Select the link to open the report in your Power BI site.

Once you have published the report, the report and data source will be published separately.

 

Step 2 - Give Access to the Data Source to Specific Users

In this step, you will give users within your organization permission to use the data source.

  • Navigate to the OneLake Data Hub:
    • In the Power BI Service, go to the OneLake Data Hub.
  • Select Your Data Source:
    • Find the data source you want to share and select it.
  • Manage Permissions
    • Click on the "“Manage Permissions"” button.
    • Add the users or groups you want to give access to.
    • Assign appropriate permissions.


Users will now have access to that data source.

Using published semantic models in Power BI Desktop

Once you have published your report to the Power BI service, you and others can establish a live connection to the shared semantic model in the Power BI service and create many different reports from that shared data model.

You can use the Power BI service live connection feature to create multiple reports in .pbix files from the same semantic model and save them to different workspaces.

You can find more information here: https://learn.microsoft.com/en-us/power-bi/connect-data/desktop-report-lifecycle-datasets?wt.mc_id=searchapi_inproduct_fabrichelppane

Note: Users must be logged in to Power BI using their organization account to see the data sources they have permission to.

 

Restrict Access to Snowflake

In this step we restrict access to Snowflake to the Power BI service and trusted endpoints only. This step is performed by RecordPoint, so once the above steps have been completed, please contact your RecordPoint account representative to complete this final step.

 

References

https://learn.microsoft.com/en-us/fabric/onelake/security/data-access-control-model

https://docs.snowflake.com/en/user-guide/network-policies

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request