We often see employees in an organization get access information to which they should not have access as per the company policy. It happens because restrictions are not imposed on the Power BI Dataset that’s has been made available. In order to enforce rules to the data that’s available to all the users, we need to implement RLS on the dataset.
Row-Level Security (RLS) enables you to use group membership to control access to rows in a table.
It simplifies the design and coding of security in your report. RLS will help you keep restrictions on data row access in datasets. For example, you can ensure that users access only the data that belongs to their department. Another example is to restrict customers’ data access to only the data relevant to their company.
Let’s see how to implement RLS in PowerBI.
In the below example, consider we have users in many regions. We will restrict data for the users to make sure they can access data belonging only to their region.
Roles and rules
Open the Manage Roles option from the modelling tab, to create regions as roles.
- We can see three sections Roles, Tables & Expressions.
- Click on create to, create a role, we will be able to see the list of tables used in the dataset.
- Select the role name and the table to enter the relevant Filter expression to create appropriate rules for the roles created.
View as roles
- We can see how the report might look like to the users of respective roles easily.
- Click on view as roles in modeling tab -> row-level-security-powerbi
- We can choose the roles from the list as shown -> row-level-security-powerbi
- Data is now filtered based on the rules set up for specific roles.
View as roles are used to check how the report might look for each role that was configured. Once we see satisfying results, let’s publish the report and head to PowerBI service.
Assigning users to roles
In PowerBI Desktop, we have set the roles and rules for the report, In PowerBI Service we can define the users to the roles.
- Open the workspace to which the report was published.
- Head to the Datasets section and click on the ellipses near the dataset of the report that was published
- Click on security.
4. We can enter the user names one by one or use a group by selecting the roles that were set in PowerBI Desktop.
5. RLS will be now applied to the dataset and will be utilized in the report when users access the report.
Now, if the users of central bohemia try to access the report, they won’t be able to see the data of east Bohemia.
It is important to note that workspace settings should be set with “Members can only view Power BI content” privacy mode and for the RLS to be effective for the users, they should have only member access.
Note: This security implementation for analysis services is done in model level.
We can see how easy it is to set up RLS in PowerBI. This feature will be helpful to make sure that users can get access only to the data they are allowed to analyze.
Know more about Microsoft Power BI services offerings from Visual BI solutions here.