Skip to main content

Privacy Levels for Cloud Data Sources

Headshot of article author Kay Unkroth

In Power BI datasets that combine data from multiple data sources in a single M query, privacy levels define a how the data sources are isolated from each other. Restrictive isolation levels block data from being exchanged with other data sources, which can reduce functionality and impact performance but ensures that sensitive data does not get exposed on less sensitive systems. There are three levels: Private, Organizational, and Public. Private data sources are completely isolated from other data sources. Organizational data sources are isolated from all public data sources but are visible to other organizational data sources. And public data sources are not isolated at all. For details how privacy levels work, see Power BI Desktop privacy levels in the product documentation.

In Power BI Desktop, you can configure the privacy level for a data source in the data source settings. Yet, note that the configuration is not automatically transferred to the Power BI service when you upload your Power BI Desktop file. For example, you might have a Desktop file with multiple data sources set to Organizational, but after uploading the file, scheduled refresh fails because Power BI might treat these data sources as Private unless you apply a less restrictive level manually. In the Power BI service, you can set the privacy level under Advanced settings when adding a data source to an on-premises data gateway, as in the following screenshot.

However, Power BI can access data sources in the cloud without requiring an on-premises data gateway. Up until now, it was not possible to define a privacy level for these sources. Power BI simply assumed that the privacy level for cloud sources was Private, unless a data source was configured for anonymous authentication, which would tag it as a Public data source in the service. So, refresh might or might not work depending on the authentication setting. For cloud sources, the Power BI user interface did not show the applied data privacy level, making it even harder to troubleshoot refresh issues due to privacy level mismatches.

But thanks to a recent improvement, you can now configure the privacy level for cloud data sources in the Power BI Service explicitly, as the following screenshot illustrates. On the dataset settings page, expand Data Source credentials, and then click on Edit credentials for the data source you want to configure, and then select the desired privacy level under Privacy level setting for this data source. Having applied the desired privacy level, data refresh can succeed as in Power BI Desktop.

The new configuration setting for cloud sources closes a gap between Power BI Desktop and the Power BI service, but note that the setting configured in Power BI Desktop still does not automatically transfer to the Power BI service when you upload a Power BI Desktop file. You must reapply the configuration manually on the dataset settings page. By asking you to configure the privacy level explicitly, Power BI helps to avoid unintentional information disclosure.