web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Block Power BI desktop...
Small and medium business | Business Central, N...
Answered

Block Power BI desktop access to Business Central for certain users

(6) ShareShare
ReportReport
Posted on by Samantha73 3,297
Hi 
Currently any user with power BI licenese can acess Business Central Data via the PBI desktop. is there anyway some users can be blocked creating new reports and exploring data using power BI desktop/online? We know how to restrict access once published to workspace form workspace security.
Categories:
Dynamics 365 Business Central
I have the same question (0)
  • Suggested answer
    Gauravsingh.rajput@vserve.co.in Profile Picture
    Gauravsingh.rajput@... 49 on at
    Hi Samantha,

    Please try below solutions

    1. Restrict Access via Business Central Permission Sets
    You can control which users can access Business Central data by customizing permission sets:
    • Create a custom permission set that excludes access to tables, pages, and queries exposed to Power BI (especially those used in APIs or OData).
    • Assign this restricted permission set to users who should not be able to connect to Business Central from Power BI.
    • Remove any other permission sets that might grant access to those data entities 
    2. Use Azure Conditional Access Policies
    Azure AD (now Microsoft Entra ID) allows you to block access to Business Central from Power BI:
    • Go to Azure AD > Security > Conditional Access.
    • Create a policy targeting specific users or groups.
    • Under Cloud apps, select Business Central.
    • Under Client apps, choose Power BI as the blocked app.
    • Under Access controls, select Block access.
    • Enable and test the policy before rolling it out broadly1. Restrict Access via Business Central Permission Sets
      You can control which users can access Business Central data by customizing permission sets:
    • Create a custom permission set that excludes access to tables, pages, and queries exposed to Power BI (especially those used in APIs or OData).
    • Assign this restricted permission set to users who should not be able to connect to Business Central from Power BI.
    • Remove any other permission sets that might grant access to those data entities 
  • Verified answer
    Pallavi Phade Profile Picture
    Pallavi Phade 5,420 Super User 2026 Season 1 on at
    Namaste Samantha 
     
    I can surely advise you how we can restrict in BCE not sure of other ways . 
     
    Below are the Permission sets by default set by Microsoft for Power Bi 
     
     
    You can restrict these permission set to user . And create copy of this permission set and do the necessary changes .
     
    And modify the effective permissions . As per your custom tables , access  
     
    And also check licenses provided to user in user card 
     
    Below link will help you to usage of APIs and how it can be permitted 
     
    Sharing some other referneces where this is restriced in PowerBi services  .
     
     
    if you feel this answer was helpful , Please verify the answer 
     
    Regards
    Pallavi Phade
  • Suggested answer
    Sahan Hasitha Profile Picture
    Sahan Hasitha 2,683 on at
    hi
     
    1. Restrict BC Data Access (Best Practice)
      • Only give the users the minimum permissions in Business Central security roles.
      • If they cannot read certain tables/pages, then even if they try in Power BI Desktop, the data won’t load.
      • Example: Create a read-only reporting role for Business Central, and exclude sensitive tables (like G/L, Vendors, etc.).
    2. Use Azure Active Directory (AAD) Security Groups
      • Put “report creators” in one AAD group and “report consumers” in another.
      • Only give the creator group access to the OData / API endpoints in Business Central.
      • Consumers can still view published reports in Power BI Service, but cannot build their own.
    3. Data Access Layer with Azure / Power BI Datamarts
      • Instead of letting all users connect directly to BC OData feeds, centralize the data via a Dataflow / Datamart / Lakehouse.
      • Only BI developers can access the raw BC connectors. End users only see curated datasets published in Power BI Service.
    4. Governance Policy
      • Document/reporting policy: Only assigned BI developers should use Power BI Desktop to connect to BC.
      • Technical enforcement: Use Conditional Access in Azure AD to restrict access to the BC API endpoints for certain users.

     
  • Suggested answer
    Nimsara Jayathilaka. Profile Picture
    Nimsara Jayathilaka. 4,950 Super User 2026 Season 1 on at
    Hi Samantha
     
    Currently, there is no direct way within Power BI or Business Central to block users with a Power BI license from creating new reports or exploring data using Power BI Desktop or Power BI online before publishing. The licensing allows any user with access to Business Central data to connect using Power BI Desktop and create reports independently. Restrictions primarily come into play after reports are published to workspaces, where workspace security can control who can view, edit, or share reports. However, users can still create personal reports in their own workspaces without restrictions, and there is no built-in feature to block report creation or data exploration at the source before published access is granted.
     
    To manage this, organizations often use control measures such as creating custom permission sets in Business Central to limit access to tables, pages, or APIs that Power BI uses, effectively restricting data exposure to certain users. Additionally, monitoring and auditing user activities in Power BI personal workspaces can alert administrators if unauthorized report creation or data exploration occurs. Power BI roles and data source credential management provide further layers of data access control, but do not prevent report creation with licensed users. Ultimately, restrictions are more effectively applied at the published report level and by controlling Business Central data access permissions rather than within Power BI Desktop itself.
     
    Thanks
    Nimsara
  • Suggested answer
    YUN ZHU Profile Picture
    YUN ZHU 99,055 Super User 2026 Season 1 on at
    You can try disabling the Power Bi app. For example,
     
    In addition, I think it would be better to submit this question to the Power Bi forum.
     
    Hope this helps.
    Thanks.
    ZHU

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
OussamaSabbouh Profile Picture

OussamaSabbouh 1,804 Super User 2026 Season 1

#2
YUN ZHU Profile Picture

YUN ZHU 1,103 Super User 2026 Season 1

#3
Kamal Khakhkhar Profile Picture

Kamal Khakhkhar 695

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans