What are Power BI Desktop custom visualizations and how can I use them? Are there any security concerns? What files comprise a custom visualization? How can I review the files?
In several previous tips (Getting Started with Power BI Desktop, Querying SQL Server Data in Power BI Desktop and Power BI Desktop Web Queries, we covered some of the basic methods and functionality available within Power BI Desktop (PBID). The tool is really "cool", and the best news is that getting PBID is easy as downloading it at: https://powerbi.microsoft.com/downloads.
The current edition of the software is available free of charge, but of course that could change. Furthermore to publish the PBID reports to the web, you must have an account setup on the Power BI site and currently sign up for the web publishing is only available to commercial email addresses. Before I go too far I need to warn you that the tool is still in its early stages. Sure it works well from my testing, but features are being added and removed every week and every month. With all these changes and updates, Microsoft is currently releasing a new version of PBID at least once per month if not more often. You can see the latest version information on the Microsoft Power BI Support page at: https://powerbi.microsoft.com/en-us/documentation/powerbi-desktop-get-the-desktop/.
The Power BI Desktop includes a large variety of standard visualizations that cover a variety of report designer needs. In many cases these visualizations will meet the bulk of the needs of report designers. However, there are always those situations where a different style of chart, graph, or table is required to achieve a specific desired result. These customizations can be developed internally or you can retrieve other customized visuals from the Visualization Gallery, https://app.powerbi.com/visuals. The gallery, illustrated in the next two screen prints, contain visualizations that have been submitted to the Microsoft Power BI Group. These visuals can actually be used by Power BI Desktop or the Power BI products. These visuals are developed by community and are not warranted by Microsoft (more on security later).
Within the online Visuals Gallery, you basically just click on the visualization you want in order to download the file to your own desktop.
Adding Customizing Visualizations in Power BI
Once the decision is made to add a custom visualization, you must download the visual from the Power BI Visualization Gallery (as noted above) or retrieve the file from your own internal gallery if your organization designed the visualization locally. The visualization file that is created contains a pbiviz extension.
To import the visual, step 1 is to use the ellipse (3 dot button) to open the Import Visualization wizard, as shown below.
Microsoft covers its risk liability and is sure to let you know that the Custom Visual is not one of its own. We will discuss how you validate a custom visual shortly.
Once we have imported a visual, it now shows up in the report gallery, as shown next.
Now we simply use the visual like you would any other visual on the dashboard. In the below illustration, we added the Tornado Chart visual to our dashboard. Notice that the options and properties are similar to many of the standard visualizations.
Power BI Custom Visualizations Security Risks
So as you can see, custom visualizations are easy to implement
and use; security risks certainly exist and could be exploited within a
custom visual. The first step in your vetting process is to check out
the publisher of the visualization. In particular, online you can see the
publisher just under the visualization name on the download page, and then by clicking the
support button you will be taken to the publisher's website. You could
also click the Contact Author link which will open an email to the
author's designated address. Finally, you can click on the GitHub link
to check out the source code for the visual; we will discuss shortly an
alternate way of examining the code used within the visual.
One of the other surprising things about the custom visuals, is that actually many of them are published by Microsoft; I assume these are a testing ground for new visuals that may be permanently added later.
Once you have checked out the website for a custom visual, you will then want to run through the code. As mentioned above, you can review the GitHub project for the non Microsoft projects. Alternately, I find it even more helpful to extract the pbiviz files using an unzip tool. In the below example, I use my preferred zip tool, 7-Zip, to extract the files from the main visualization file.
As shown below with the Card with States visual, the unzip process creates two directory levels. The first level includes the json file which is a manifest list of all the files used by the visual and also includes description and contact info for the visual publisher.
below) file, you need to examine what
calls are being made to the data, determine what data is being sent
internally and externally. I would also check to see if requests are
machine executing the visual. Furthermore, you should check if the
Just as you would with other code obtained from the Internet, be cautious and
check what you are wanting to run before actually putting the visual
Enable a Visualization in Power BI
Once you have added the visualization, then it is now embedded into
the dashboard. Each time you open that report or any report that is
shared with you that contains a custom visual, you will receive the
below message and the visualization will not display immediately. You must enable
the visual each time the PBID file is opened. As noted in the second
screen print, the same warning appears when you publish the report.
Once you enable the visual, it now appears as normal; however you must enable it upon each opening of the report.
- Check out these resources:
Last Update: 2015-12-11
About the author
View all my tips