Hello to all,
My scenario is this:
I would like to share a Power BI report with non-Power BI users, such as with customers or members of my organization who do not use Power BI.
I created a sample application, with an access token for non-Power BI users (app owns data). I followed all the documentation available online, for example this content: https://docs.microsoft.com/en-us/power-bi/developer/get-azuread-access-token
It works! But I have a doubt.
Although I will implement a mechanism to allow access to the page only to authorized users, the user will have access to a web page containing JavaScript scripts. By displaying the source code, the user can obtain: object ID, token, report ID.
So if the user sent this information to another user, the latter could access the report with simple technical operations.
Even if I set a very short expiration time for the authentication token, there would always be this problem.
How could I make a report embedded via the API really reserved for a single group of users?