A client uses Dynamics 365 Sales, Power BI datasets, and Power BI dataflows.
The Dynamics 365 Sales implementation has security roles that restrict data export. You need to ensure that data has the same restrictions in Power BI as it does in Dynamics 365 Sales.
You need to design the security to avoid sensitive data from being seen.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
To ensure that data has the same restrictions in Power BI as it does in Dynamics 365 Sales, two actions are necessary: 1) Limiting the role and ensuring that exporting to Microsoft Excel is not allowed in both Dynamics 365 Sales and Power BI. This prevents sensitive data from being exported and ensures data protection across both platforms. 2) Sharing Power BI dashboards only with users who are authorized to see the data. This maintains consistent data visibility restrictions, ensuring sensitive data is only accessible to those with appropriate permissions.
Goals: 1) avoid sensitive data from seen, 2) prevent export to Excel from Power BI datasets. A. NO resolve 1) NO resolve 2) : I can see data different from D365 in Power BI if I don’t limit by R-L-S! B. NO resolve 1) NO resolve 2) : I can Export data from Power BI and I can see sensitive data from Power BI; C. NO resolve 1) OK resolve 2): I’m not able to export data from Power BI (disable option from dataset) and D365 (test) D. OK resolve 1) NO resolver 2) So C and D
C, D C is the only option to disable Power BI https://docs.microsoft.com/en-us/business-applications-release-notes/october18/intelligence-platform/power-bi-desktop/per-report-control-data-export
I would say A and C
A. Use Microsoft Dataverse restrictions before setting up the Power BI reports. This option is recommended because Microsoft Dataverse, as a data platform for Dynamics 365, provides an additional layer of security and access control. By applying the appropriate Dataverse restrictions before setting up the Power BI reports, you can ensure that data in Power BI respects the same security roles and restrictions as in Dynamics 365 Sales. D. Share Power BI dashboards only with users who are supported to see this data. This option is recommended because it involves sharing Power BI dashboards only with users who are supposed to see the data, which helps maintain the same level of data access restrictions as in Dynamics 365 Sales. This ensures that sensitive data is only accessible to authorized users in Power BI, similar to the access control in Dynamics 365 Sales.
Why not B and C? B. Limit the role in Dynamics 365 Sales to only data allowed so it cannot be exported to Microsoft Excel. This option is not recommended because it only focuses on limiting the role in Dynamics 365 Sales to data that can be exported to Microsoft Excel. Power BI can access and display data from Dynamics 365 Sales through various means, not just Excel exports. Limiting the role to data that can be exported to Excel does not guarantee the same level of data protection in Power BI as in Dynamics 365 Sales. C. Limit the role and ensure that exporting to Microsoft Excel is not allowed in both Dynamics 365 Sales and Power BI. This option is not recommended because it only focuses on limiting the exporting of data to Microsoft Excel, which is not sufficient to ensure the same data restrictions in Power BI as in Dynamics 365 Sales. Data can be accessed in Power BI through various other means, so limiting the role to not allow data exporting to Excel does not completely address the issue.
C and D
C and D
I would say C and D.
I agree it should be C and D
C. Limit the role and ensure that exporting to Microsoft Excel is not allowed in both Dynamics 365 Sales and Power BI. D. Share Power BI dashboards only with users who are supported to see this data. By limiting the role in Dynamics 365 Sales and ensuring that exporting to Microsoft Excel is not allowed, sensitive data can be restricted from being exported to Power BI. Additionally, sharing Power BI dashboards only with users who are authorized to see the data can further ensure that sensitive data is not exposed. Using Microsoft Dataverse restrictions before setting up the Power BI reports can also help to limit access to sensitive data.
where does goal 2 come from ? I cannot see this requirement in the question.
Existed in the today exam 07/2024
C. Limiting the role and ensuring that exporting to Microsoft Excel is not allowed in both Dynamics 365 Sales and Power BI can help ensure that data export is restricted to both tools. By restricting data export at both ends, it is possible to ensure that sensitive data is not leaked. D. Sharing Power BI dashboards only with users who are authorized to see the data can help ensure that sensitive data is not leaked. By restricting access to Power BI dashboards, it is possible to ensure that only authorized users can view the data. This can also help ensure that unauthorized users do not have the ability to export data from Power BI.
C & D You can prevent data export form both security role and Power BI https://community.powerbi.com/t5/Service/Disable-Data-Export-just-to-a-particular-report/m-p/556601
ChatGPT says it's C and D :D , I don't know how right it is.
for me it suggests B and D To ensure that data has the same restrictions in Power BI as it does in Dynamics 365 Sales, I would recommend the following two actions: B. Limit the role in Dynamics 365 Sales to only data allowed so it cannot be exported to Microsoft Excel: This will restrict the data export in Dynamics 365 Sales itself, preventing users from exporting data to Microsoft Excel or other applications, and ensure that only the allowed data is accessed by the users. D. Share Power BI dashboards only with users who are authorized to see this data: This will ensure that only authorized users can access and view the Power BI dashboards that contain Dynamics 365 Sales data. The sharing settings in Power BI can be used to limit access to the dashboards, and users can be added or removed based on their roles and responsibilities. Therefore, the recommended actions are B and D.
CD should be correct. A is not necessary because access to the Dataverse database is already regulated by the same security roles as the ones in Dynamics 365. Presumably, if RLS is necessary to hide sensitive data, this should also have already been configured--the question does specify that our only task is to replicate the restriction in Power BI, and if the Dataverse dataset is already properly secured, it will still be secured when used for Power BI visualizations. B is already done as per the question. C is necessary to restrict data export in Power BI. People can export data from Power BI reports if it's not also restricted in Power BI, and this is not already done as the question only mentions D365 security being set up.
For me are also CD
The question states the roles have already been configured and the intent is to make Power BI respect the same behaviour; therefore B & C are ruled out. Also, roles don't provide ability to restrict export of data to Excel in Power BI.
B is out. The security role to restrict data export has already been set. A and D