Users are given certain security roles so that they can access only limited entities and data in D365 Frontend application. But if the user is in power bi and connects to the dataverse it is allowing all the entities which they do not have access via application. Restricting the access in the frontend and allowing access to the entire database from the backend in Power BI, Power Automate and Power Apps which is not good at all.