Steve Hughes gives some advice for securing a Power BI Report Server installation:
You have essentially three layers of access to the report file security in Power BI Report Server.
- The portal itself can be secured. You can and should limit access to the reports by only allowing specific users or groups access to the report portal.
- Folders can be used to provide more granular security over a group of assets in the report portal. In the image above, I created a folder called PBI Secure Reports. A specific AD group has access to this folder. If a user does not have permissions to the folder, the folder does not show up in the portal and they cannot access the folder or the assets, including Power BI reports, stored in this folder.
- Individual reports can be secured as well. I never recommend this option as it becomes administratively difficult to manage. However, the capability is there is a single asset needs to be secured in this fashion.
These options work for any asset stored in the Report Portal and are not limited to Power BI reports.
Power BI Report Server is a different animal from standard Power BI, so securing it will be a bit different as well.