web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Block Power BI desktop...
Small and medium business | Business Central, N...
Unanswered

Block Power BI desktop access to Business Central for certain users

(1) ShareShare
ReportReport
Posted on by Samantha73 3,132
Hi 
Currently any user with power BI licenese can acess Business Central Data via the PBI desktop. is there anyway some users can be blocked creating new reports and exploring data using power BI desktop/online? We know how to restrict access once published to workspace form workspace security.
Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Suggested answer
    Sahan Hasitha Profile Picture
    Sahan Hasitha 818 on at
    Block Power BI desktop access to Business Central for certain users
    hi
     
    1. Restrict BC Data Access (Best Practice)
      • Only give the users the minimum permissions in Business Central security roles.
      • If they cannot read certain tables/pages, then even if they try in Power BI Desktop, the data won’t load.
      • Example: Create a read-only reporting role for Business Central, and exclude sensitive tables (like G/L, Vendors, etc.).
    2. Use Azure Active Directory (AAD) Security Groups
      • Put “report creators” in one AAD group and “report consumers” in another.
      • Only give the creator group access to the OData / API endpoints in Business Central.
      • Consumers can still view published reports in Power BI Service, but cannot build their own.
    3. Data Access Layer with Azure / Power BI Datamarts
      • Instead of letting all users connect directly to BC OData feeds, centralize the data via a Dataflow / Datamart / Lakehouse.
      • Only BI developers can access the raw BC connectors. End users only see curated datasets published in Power BI Service.
    4. Governance Policy
      • Document/reporting policy: Only assigned BI developers should use Power BI Desktop to connect to BC.
      • Technical enforcement: Use Conditional Access in Azure AD to restrict access to the BC API endpoints for certain users.

     
  • Suggested answer
    Pallavi Phade Profile Picture
    Pallavi Phade 638 on at
    Block Power BI desktop access to Business Central for certain users
    Namaste Samantha 
     
    I can surely advise you how we can restrict in BCE not sure of other ways . 
     
    Below are the Permission sets by default set by Microsoft for Power Bi 
     
     
    You can restrict these permission set to user . And create copy of this permission set and do the necessary changes .
     
    And modify the effective permissions . As per your custom tables , access  
     
    And also check licenses provided to user in user card 
     
    Below link will help you to usage of APIs and how it can be permitted 
     
    Sharing some other referneces where this is restriced in PowerBi services  .
     
     
    if you feel this answer was helpful , Please verify the answer 
     
    Regards
    Pallavi Phade
  • Suggested answer
    Gauravsingh.rajput@vserve.co.in Profile Picture
    Gauravsingh.rajput@... 45 on at
    Block Power BI desktop access to Business Central for certain users
    Hi Samantha,

    Please try below solutions

    1. Restrict Access via Business Central Permission Sets
    You can control which users can access Business Central data by customizing permission sets:
    • Create a custom permission set that excludes access to tables, pages, and queries exposed to Power BI (especially those used in APIs or OData).
    • Assign this restricted permission set to users who should not be able to connect to Business Central from Power BI.
    • Remove any other permission sets that might grant access to those data entities 
    2. Use Azure Conditional Access Policies
    Azure AD (now Microsoft Entra ID) allows you to block access to Business Central from Power BI:
    • Go to Azure AD > Security > Conditional Access.
    • Create a policy targeting specific users or groups.
    • Under Cloud apps, select Business Central.
    • Under Client apps, choose Power BI as the blocked app.
    • Under Access controls, select Block access.
    • Enable and test the policy before rolling it out broadly1. Restrict Access via Business Central Permission Sets
      You can control which users can access Business Central data by customizing permission sets:
    • Create a custom permission set that excludes access to tables, pages, and queries exposed to Power BI (especially those used in APIs or OData).
    • Assign this restricted permission set to users who should not be able to connect to Business Central from Power BI.
    • Remove any other permission sets that might grant access to those data entities 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
Sumit Singh Profile Picture

Sumit Singh 2,857

#2
Sohail Ahmed Profile Picture

Sohail Ahmed 2,687 Super User 2025 Season 2

#3
Jeffrey Bulanadi Profile Picture

Jeffrey Bulanadi 2,203

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans