As the world is turning virtual, we are in dire need of collaboration. Sharing Power BI reports give people access to reports and dashboards. Sharing reports could be done within the organization or outside the organization. This article will discuss how to share Power BI report with external users.
Let’s assume that you belong to the organization AzureOps.org and you want to share reports with Guest.com users. There are three broad ways to achieve this.
- Duplicate guest user accounts in target Power BI organization (AzureOps.org) – Duplicate guest accounts in the target organization are not so popular, and users must remember two credentials.
- Power BI embedded with custom authentication – Use Power BI embedded SKU and embed Power BI reports and authenticate external users using custom authentications.
- Azure B2B Power BI sharing with external users – Sharing reports with external users require you to invite external (Guest.com) users into your organization AzureOps.org.
The best way to share Power BI reports with external users is by using Azure B2B.
What is Azure B2B
Azure Active Directory Business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization.
B2B Power BI sharing with external users
There are two different ways you can invite external users into your organization.
Azure Active Directory level
Add guest,com email addresses as an external user in your organization AzureOps.org Azure active directory. And grant access to Power BI workspaces to these guest users based on needs.
Power BI App level
Create an app in Power BI App workspace in AzureOps,org tenant. Now, grant access to Guest.com users directly on this app.
The user must accept the invitation for external access in both of the above ways. External users can now access Power BI reports using their Guest.com email addresses.
What license is needed?
Guest.com users or security groups can access Power BI reports in AzureOps.org tenant only if.
- AzureOps.org has Power BI premium capacity (P SKU).
- If tom@guest.com does not have a pro license in Guest.com Power BI, AzureOps buys a pro license for Tom in AzureOps.org Power BI tenant.
- tom@guest.com already have a pro license in their Guest.com tenant.
We can even grant access to an external security group in AzureOps.org tenant, so we don’t need to worry about what all external users should have access to reports. In this case, Guest.com can manage its users in a security group, say AzureOpsTeam@guest.com, and AzureOps.org needs to grant access to this group in one of the above two ways. With this, AzureOps.org doesn’t need to maintain individual external users. However, external parties (Guest.com) must ensure that all users in the security group have Pro licenses.
Controlling access
Limit access to content (admin portal)
Limit access to AzureOps Power BI through the admin portal. So, external users will have limited privileges in the AzureOps Power BI workspace. If we use Power BI apps to share reports, we can limit access to report content in the app.
Limit access to data (RLS)
Limiting access to data can be done with row-level security (RLS) in the same way we do for internal users. So, roles can be created in Power BI with specific data access, and external users or groups can be added to these roles.
Pro tips:
1. We can create only one app per workspace.
2. If we share reports using Power BI apps, external users must store the app link.
3. If you want to test RLS in Power BI or run Power BI report as a different user in Power BI service, you can follow this article.
See more
Kunal Rathi
With over a decade of experience in data engineering and analytics, I've assisted countless clients in gaining valuable insights from their data. As a dedicated supporter of Data, Cloud and DevOps, I'm excited to connect with individuals who share my passion for this field. If my work resonates with you, we can talk and collaborate.
I am always interested in new challenges so if you need consulting help, reach me at kunalrathi55@gmail.com.