A balanced combination of the different features of a platform, as well as the application of governance policies, is necessary for the regulation and management of the data export options available for sensitive Power BI reports. First, a row-level security (RLS) mechanism will be implemented that will restrict data visibility based on the roles assigned. This limits the potential data for export in that the users are restricted to seeing only the data that they are meant to see. The other feature of RLS can also be utilized in Power BI Desktop, where before a report is published on Power BI Service, the users can draw up the audience, assign roles, and apply necessary DAX filters.
The next step is to change the settings for the Power BI Tenant. Even though an administrator can allow users to export only summarized data or restrict the analysis of any data from Power BI Services, users can be prevented from exporting data to Excel and CSV files within the Power BI Tenant settings. These settings are available within the Power BI admin portal and can be customized for specific users after considering their data access needs.
Lastly, consider the option of Microsoft Information Protection (MIP) and sensitivity labels for the purpose of protecting and labeling classified reports. Sensitivity labels prevent users, for example, from taking screenshots of information within Power BI or contain policies such as encrypting the data. In addition to encouraging people to share fewer data file exports, especially for security reasons, sharing with access levels with restrictions (such as ‘view only’) also encourages their use of shared dashboards instead. The application of these measures, together with clear and communicated data governance policies, promotes the effective maintenance of confidentiality and compliance.