Learn how to protect your sensitive information in data models and reports. We demo how to set up static row-level security with groups and dynamic row-level security using DAX. See the video of the demos: https://senturus.com/resources/how-to-set-up-row-level-security-in-power-bi/.
Senturus offers a full spectrum of services in business intelligence and training on Tableau, Power BI and Cognos. Our resource library has hundreds of free live and recorded webinars, blog posts, demos and unbiased product reviews available on our website at: http://www.senturus.com/senturus-resources/.
4. 5
Hundreds of resources
Visit the Resource Library
on the Senturus website
to download this presentation
and explore other assets:
senturus.com/resources
5
5. Enjoy the full webinar presentation
This slide deck is from the webinar How to Set Up Row-Level
Security in Power BI
To view the FREE video recording and download this deck,
go to https://senturus.com/resources/how-to-set-up-row-
level-security-in-power-bi/
6
6. Power BI security introduction
• Power BI is an online SaaS offering built on Azure
• Web front end cluster
• Back-end cluster
• Premium offers dedicated, provisioned and partitioned instance
• Azure Active Directory for account authentication and
management
• User accounts
• Security groups
• Distribution lists
7See: https://docs.microsoft.com/en-us/power-bi/guidance/whitepaper-powerbi-security
7. Data storage and movement
• A Power BI dataset is a collection of data that you import or
connect to, it can be at rest or in process
• With DirectQuery, source data is not stored in Power BI
8
X = presence of Power BI data when using the associated query type
8. User authentication to data sources
• With each data source, users connect based on their login, they
access the data with those credentials
• When sharing, access is based on whether the source supports
RLS
• Non-RLS data sources
• Original credentials supplied during connection are applied to access or display
the data
• RLS capable data sources
• Datasets using Import and DirectQuery
• On-premises data gateway can enforce RLS on some sources
9
9. What is role-level security?
A security mechanism that filters the records from a table based
on the authorization context of the current user that is logged in.
10
All Records in table
Mike’s login
John’s login
Kay’s login
10. Roles
• Filters limit what data is shown in a visualization
• A special type of Role Filter is built into Power BI to use for
row-level security
• A Role is typically a job function or geographic location
• Sometimes people play more than one role, they can be
assigned to multiple roles
• Example: A project manager might need access to sales and
engineering data, so they’re assigned to both roles
11
11. Static role filters
• Static Role Filters are based on dimension(s) of the data in the
dataset and are a hardcoded value
• Examples:
• Location, Job Title, Department
• Static Role Filter examples:
• Location - Users in the USA Role should only see rows of data where
Country is set to USA
• Department - People in the HR Role can see payroll data but others
cannot
• Static Role Filters are defined in the Power BI report
• Users are assigned to Roles in Power BI service at the dataset level
12
12. See the static role filter demo
13
This demo was great, but it can’t be seen
in SlideShare.
See this demo and the entire webinar at:
https://senturus.com/resources/how-to-
set-up-row-level-security-in-power-bi/
13. Dynamic role filters
• Often, user and role assignments are already maintained in
another system and you won’t want to duplicate that assignment
in Power BI service
• We can pull that assignment data into our dataset along with the
rest of the data
• Dynamic Role Filters are based on relating the Power BI
service user to data source user data to enforce row-level
security
• We need some new DAX functions to help us out…
14
14. DAX user functions
• USERNAME()
• The username from Power BI in the format domainusername
• USERPRINCIPALNAME()
• The username from Power BI in the format username@domain.com
• Your source data will need the user names in one of these two
formats to mesh correctly with Power BI
15
15. See the dynamic role filter demo
16
This demo was great, but it can’t be seen
in SlideShare.
See this demo and the entire webinar at:
https://senturus.com/resources/how-to-
set-up-row-level-security-in-power-bi/
16. Hierarchical role filters
• Sometimes you need to implement RLS in a conditional way, some users
are restricted in one way, other users are restricted in another way
• Hierarchal data is an example of when you might need to use this
technique
17
• Typical hierarchies are management levels or
geographic
• To solve this, we will filter on the hierarchy table and
apply conditional filters
• To implement this, we need two more DAX functions…
17. See the hierarchical role
filter demo
18
This demo was great, but it can’t be seen
in SlideShare.
See this demo and the entire webinar at:
https://senturus.com/resources/how-to-
set-up-row-level-security-in-power-bi/
18. Limitations
• Does not answer the question “Who can see which reports?”
• That is permissions and sharing related
• RLS only limits data access in published reports being viewed
by users in Power BI service
• Only applies to viewer member
• Users with access to dataset can download and access without
restrictions
• Maintenance
19
19. RLS within overall security framework
• Which users need access to what information?
• What is overall data governance approach?
• What combination of import, DirectQuery and live connection?
• Where to implement security?
• How to maintain access lists?
20
20. Additional resources
• Upcoming Power BI training
https://senturus.com/training/course-schedule-2/
• Website articles
• Comparing Tools in the Microsoft BI Suite
https://senturus.com/blog/reference-guide-comparing-tools-in¬-the-microsoft-bi-suite/
• Power BI Four Ways to Connect to and Prep Data
https://senturus.com/blog/power-bi-four-ways-to-connect-to-and-prep-data/
• How to Share Power BI Datasets, Dataflows and Certified Datasets
https://senturus.com/resources/how-to-share-power-bi-datasets-dataflows-and-certified-datasets/
• Preparing to deploy Power BI Premium
https://senturus.com/resources/preparing-to-deploy-power-bi-premium/
• Mentoring sessions
https://senturus.com/bi-mentoring/
21
21. The authority in
Business Intelligence
22
Exclusively focused on BI,
Senturus is unrivaled in its
expertise across the BI stack.
23. Full spectrum BI services
•Dashboards, reporting and visualizations
•Data preparation and modern data warehousing
•Hybrid BI environments (migrations, security, etc.)
•Software to enable bimodal BI and platform migrations
•BI support retainer (expertise on demand)
•Training and mentoring
24
24. A long, strong history of success
•19+ years
•1300+ clients
•2500+ projects
25
26. Upcoming events
•Cognos Framework Manager vs. Data Modules
• Comprehensive comparison plus key feature gaps
• Thursday, Jun 25, 2020, 11am PT/2pm ET
27
Joining us today is…..Steve Wullschleger
Stephen’s background in BI, operations and finance spans 30 years. During that time he has led numerous business analytics initiatives using Microsoft data tools and has watched the platform evolve from his initial use of version 1 of SQL Server and Microsoft Access. He brings a deep familiarity with the various capabilities and components of the Microsoft BI platform and understanding o f how to best leverage them.
The first question we usually get is “Can I get a copy of the presentation?” Absolutely! It’s available on Senturus.com. Select the Resources tab and then Resources Library.
Or you can click the link that was just posted in the GoToWebinar Control panel.
Be sure to bookmark the resource library. It has tons of valuable content addressing a wide variety of business analytics topics.
Fine-grained access control: who has access to which rows to your database table. Both when connect directly or when connect through an application.
Security logic resides within database. Bound to schema logic. Does all the filtering for you.
Transparency: Filtering “silently behind the covers.” Works at query time. When you execute the query, filter out rows that user is not supposed to see.
Centralized: bind tightly to schema. Protect tables and prevent others from making changes
Less maintenance and complexity. Do not have to maintain in the application
At Senturus we concentrate our expertise on business intelligence with a depth of knowledge across the entire BI stack.
At Senturus, our clients know us for providing clarity from the chaos of complex business requirements, disparate data sources and constantly moving targets.
We have made a name for ourselves because of our strength at bridging the gap between IT and business users.
We deliver solutions that give you access to reliable, analysis-ready data across the organization so you can quickly and easily get answers at the point of impact: the Decisions you Make and Actions you Take.
Our consultants are leading experts in the field of analytics, with years of pragmatic, real-world expertise and experience advancing the state-of-the-art.
We’re so confident in our team and our methodology that we back our projects with a 100% money back guarantee that is unique in the industry.
We have been focused exclusively on business intelligence for 19 years.
We work across the spectrum from Fortune 500 to mid market, We solve business problems across many industries and function areas including in the office of finance, sales and marketing, manufacturing, operations, HR and IT
Our team is large enough to meet all your business analytics needs yet small enough to provide personal attention.
Senturus has 100s of free resources on our website, from webinars on all things BI, to our fabulous up-to-the-minute, easily consumable blogs.
We provide training in the three top BI platforms. We are ideal for organizations running multiple platforms or those moving from one to another.
We can provide training in many modes and can mix and match to suit your user community.
Senturus provides 100s of free resources on our website. We have been committed to sharing our BI expertise for over a decade.