How does Procore's Secure File Access setting impact Procore Analytics?

Background

To protect your data, the Company Admin tool's Secure File Access feature requires users to log in to Procore before they can view files shared from Procore emails, PDF exports, or the API. Turning this setting ON is valuable for organizations with strict IT security requirements or those handling sensitive project information.

For companies with lower IT security requirements, a Company Admin can change the setting to allow anyone with the link to access a file without logging in.

Answer

If you have the Secure File Access feature turned ON in Procore, links to files (like project photos) require viewers to be logged into Procore. This setting impacts Procore Analytics 2.0 reports that you share with people who do not have a Procore user account. This helps to ensure your sensitive project information is protected.

How might this affect you?

Example

Let's say your company builds its Procore Analytics reports with Power BI. Some out-of-the-box Procore Analytics reports have the Photo URL functionality. A Photo URL is a direct web link to a specific photo file (e.g., a JPEG or PNG) that is stored in your company's Procore account. This URL displays images from your Procore projects directly within external reports and dashboards created with Business Intelligence (BI) tools like Power BI. Instead of storing a static copy of the image, your report stores the live link.

If you share a Power BI report and the Secure File Access feature is turned ON in Procore, the report includes a secured photo from Procore. This means any viewer without a Procore account will be unable to view that photo. The system will prompt them to log in, and because they cannot, the photo will appear as a broken image.

Who does this affect?

This affects you specifically if your company:

Uses the Procore Analytics 2.0 Databricks connection. See Connect to Databricks.
Has the Secure File Access feature enabled. See Manage Secure File Access for Your Procore Company Account.
Includes secured file links (like photos) in external applications to share with people who do not have a Procore user account.

What are your options?

When sharing reports with non-Procore users, choose the approach that best fits your company's security policies and reporting needs.

Adjust Your Company's Secure File Access Setting. A Procore Company Admin can disable the 'Secure File Access' feature. This is the most direct solution to make photos visible to everyone.
- Consideration: This removes the login requirement for all file links shared from your account, making them publicly accessible. This option is suitable for companies with less stringent IT security requirements.
Provide 'Viewer' Access to Report End Users. Before sharing a report, provide your report end users with 'Viewer' access. Also, ensure they do not have 'Editor' access and hide URLs by embedding them in text or buttons.
- Consideration: This requires you to ensure URLs are not visible on the reports you create and that you do not provide 'Editor' access to anyone who should not see the underlying file paths.
Share Static Reports Instead of Live Dashboards. Instead of sharing a link to the interactive Power BI report, export it as a PDF and distribute the static file.
- Consideration: The photos will be embedded and visible in the PDF, but your viewers will lose the ability to interact with the live data in the dashboard.
Share Only with Procore Users. You can keep the highest level of security by creating a Procore user account for anyone who needs to view your live, interactive reports.
- Consideration: This ensures that only authenticated users can access your data, but it may have additional administrative implications.