How to Set Up Row-Level Security in Power BI
•
0 likes•246 views
Learn how to protect your sensitive information in data models and reports. We demo how to set up static row-level security with groups and dynamic row-level security using DAX. See the video of the demos: https://senturus.com/resources/how-to-set-up-row-level-security-in-power-bi/. Senturus offers a full spectrum of services in business intelligence and training on Tableau, Power BI and Cognos. Our resource library has hundreds of free live and recorded webinars, blog posts, demos and unbiased product reviews available on our website at: http://www.senturus.com/senturus-resources/.
Recommended
Recommended
More Related Content
Similar to How to Set Up Row-Level Security in Power BI
Similar to How to Set Up Row-Level Security in Power BI (20)
More from Senturus
More from Senturus (20)
Recently uploaded
Recently uploaded (20)
How to Set Up Row-Level Security in Power BI
- 1. How to Setup Row-Level Security in Power BI 2
- 2. Agenda • Introductions • Row-level security (RLS) in the context of overall Power BI security •Demos: static and dynamic RLS •Additional security considerations • Senturus overview • Additional resources • Q&A 3
- 3. 4 Introductions Stephen Wullschleger Vice President Senturus, Inc. Michael Weinhauer Director Senturus, Inc. 4
- 4. 5 Hundreds of resources Visit the Resource Library on the Senturus website to download this presentation and explore other assets: senturus.com/resources 5
- 5. Enjoy the full webinar presentation This slide deck is from the webinar How to Set Up Row-Level Security in Power BI To view the FREE video recording and download this deck, go to https://senturus.com/resources/how-to-set-up-row- level-security-in-power-bi/ 6
- 6. Power BI security introduction • Power BI is an online SaaS offering built on Azure • Web front end cluster • Back-end cluster • Premium offers dedicated, provisioned and partitioned instance • Azure Active Directory for account authentication and management • User accounts • Security groups • Distribution lists 7See: https://docs.microsoft.com/en-us/power-bi/guidance/whitepaper-powerbi-security
- 7. Data storage and movement • A Power BI dataset is a collection of data that you import or connect to, it can be at rest or in process • With DirectQuery, source data is not stored in Power BI 8 X = presence of Power BI data when using the associated query type
- 8. User authentication to data sources • With each data source, users connect based on their login, they access the data with those credentials • When sharing, access is based on whether the source supports RLS • Non-RLS data sources • Original credentials supplied during connection are applied to access or display the data • RLS capable data sources • Datasets using Import and DirectQuery • On-premises data gateway can enforce RLS on some sources 9
- 9. What is role-level security? A security mechanism that filters the records from a table based on the authorization context of the current user that is logged in. 10 All Records in table Mike’s login John’s login Kay’s login
- 10. Roles • Filters limit what data is shown in a visualization • A special type of Role Filter is built into Power BI to use for row-level security • A Role is typically a job function or geographic location • Sometimes people play more than one role, they can be assigned to multiple roles • Example: A project manager might need access to sales and engineering data, so they’re assigned to both roles 11
- 11. Static role filters • Static Role Filters are based on dimension(s) of the data in the dataset and are a hardcoded value • Examples: • Location, Job Title, Department • Static Role Filter examples: • Location - Users in the USA Role should only see rows of data where Country is set to USA • Department - People in the HR Role can see payroll data but others cannot • Static Role Filters are defined in the Power BI report • Users are assigned to Roles in Power BI service at the dataset level 12
- 12. See the static role filter demo 13 This demo was great, but it can’t be seen in SlideShare. See this demo and the entire webinar at: https://senturus.com/resources/how-to- set-up-row-level-security-in-power-bi/
- 13. Dynamic role filters • Often, user and role assignments are already maintained in another system and you won’t want to duplicate that assignment in Power BI service • We can pull that assignment data into our dataset along with the rest of the data • Dynamic Role Filters are based on relating the Power BI service user to data source user data to enforce row-level security • We need some new DAX functions to help us out… 14
- 14. DAX user functions • USERNAME() • The username from Power BI in the format domainusername • USERPRINCIPALNAME() • The username from Power BI in the format username@domain.com • Your source data will need the user names in one of these two formats to mesh correctly with Power BI 15
- 15. See the dynamic role filter demo 16 This demo was great, but it can’t be seen in SlideShare. See this demo and the entire webinar at: https://senturus.com/resources/how-to- set-up-row-level-security-in-power-bi/
- 16. Hierarchical role filters • Sometimes you need to implement RLS in a conditional way, some users are restricted in one way, other users are restricted in another way • Hierarchal data is an example of when you might need to use this technique 17 • Typical hierarchies are management levels or geographic • To solve this, we will filter on the hierarchy table and apply conditional filters • To implement this, we need two more DAX functions…
- 17. See the hierarchical role filter demo 18 This demo was great, but it can’t be seen in SlideShare. See this demo and the entire webinar at: https://senturus.com/resources/how-to- set-up-row-level-security-in-power-bi/
- 18. Limitations • Does not answer the question “Who can see which reports?” • That is permissions and sharing related • RLS only limits data access in published reports being viewed by users in Power BI service • Only applies to viewer member • Users with access to dataset can download and access without restrictions • Maintenance 19
- 19. RLS within overall security framework • Which users need access to what information? • What is overall data governance approach? • What combination of import, DirectQuery and live connection? • Where to implement security? • How to maintain access lists? 20
- 20. Additional resources • Upcoming Power BI training https://senturus.com/training/course-schedule-2/ • Website articles • Comparing Tools in the Microsoft BI Suite https://senturus.com/blog/reference-guide-comparing-tools-in¬-the-microsoft-bi-suite/ • Power BI Four Ways to Connect to and Prep Data https://senturus.com/blog/power-bi-four-ways-to-connect-to-and-prep-data/ • How to Share Power BI Datasets, Dataflows and Certified Datasets https://senturus.com/resources/how-to-share-power-bi-datasets-dataflows-and-certified-datasets/ • Preparing to deploy Power BI Premium https://senturus.com/resources/preparing-to-deploy-power-bi-premium/ • Mentoring sessions https://senturus.com/bi-mentoring/ 21
- 21. The authority in Business Intelligence 22 Exclusively focused on BI, Senturus is unrivaled in its expertise across the BI stack.
- 22. Decisions and actionsBusiness needs Bridging the data and decisioning gap 23 Analysis-ready data
- 23. Full spectrum BI services •Dashboards, reporting and visualizations •Data preparation and modern data warehousing •Hybrid BI environments (migrations, security, etc.) •Software to enable bimodal BI and platform migrations •BI support retainer (expertise on demand) •Training and mentoring 24
- 24. A long, strong history of success •19+ years •1300+ clients •2500+ projects 25
- 25. Expand your knowledge 26 Find more resources on the Senturus website: senturus.com/senturus-resources
- 26. Upcoming events •Cognos Framework Manager vs. Data Modules • Comprehensive comparison plus key feature gaps • Thursday, Jun 25, 2020, 11am PT/2pm ET 27
- 27. Complete BI training 28 Instructor-led online courses Self-paced learning MentoringTailored group sessions
- 28. Additional resources 29 Insider viewpointsTechnical tipsUnbiased product reviews Product demos Upcoming eventsMore on this subject
- 29. © 2020 by Senturus, Inc. This presentation may not be reused or distributed without the written consent of Senturus, Inc. www.senturus.com 888 601 6010 info@senturus.com Thank You
Editor's Notes
- Joining us today is…..Steve Wullschleger Stephen’s background in BI, operations and finance spans 30 years. During that time he has led numerous business analytics initiatives using Microsoft data tools and has watched the platform evolve from his initial use of version 1 of SQL Server and Microsoft Access. He brings a deep familiarity with the various capabilities and components of the Microsoft BI platform and understanding o f how to best leverage them.
- The first question we usually get is “Can I get a copy of the presentation?” Absolutely! It’s available on Senturus.com. Select the Resources tab and then Resources Library. Or you can click the link that was just posted in the GoToWebinar Control panel. Be sure to bookmark the resource library. It has tons of valuable content addressing a wide variety of business analytics topics.
- Fine-grained access control: who has access to which rows to your database table. Both when connect directly or when connect through an application. Security logic resides within database. Bound to schema logic. Does all the filtering for you. Transparency: Filtering “silently behind the covers.” Works at query time. When you execute the query, filter out rows that user is not supposed to see. Centralized: bind tightly to schema. Protect tables and prevent others from making changes Less maintenance and complexity. Do not have to maintain in the application
- At Senturus we concentrate our expertise on business intelligence with a depth of knowledge across the entire BI stack.
- At Senturus, our clients know us for providing clarity from the chaos of complex business requirements, disparate data sources and constantly moving targets. We have made a name for ourselves because of our strength at bridging the gap between IT and business users. We deliver solutions that give you access to reliable, analysis-ready data across the organization so you can quickly and easily get answers at the point of impact: the Decisions you Make and Actions you Take.
- Our consultants are leading experts in the field of analytics, with years of pragmatic, real-world expertise and experience advancing the state-of-the-art. We’re so confident in our team and our methodology that we back our projects with a 100% money back guarantee that is unique in the industry.
- We have been focused exclusively on business intelligence for 19 years. We work across the spectrum from Fortune 500 to mid market, We solve business problems across many industries and function areas including in the office of finance, sales and marketing, manufacturing, operations, HR and IT Our team is large enough to meet all your business analytics needs yet small enough to provide personal attention.
- Senturus has 100s of free resources on our website, from webinars on all things BI, to our fabulous up-to-the-minute, easily consumable blogs.
- We provide training in the three top BI platforms. We are ideal for organizations running multiple platforms or those moving from one to another. We can provide training in many modes and can mix and match to suit your user community.
- Senturus provides 100s of free resources on our website. We have been committed to sharing our BI expertise for over a decade.