![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 48%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
Azure Analysis Services
An Azure service that provides an enterprise-grade analytics engine.
465 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 65%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Hi ,
Thanks for reaching out to Microsoft Q&A.
When you say the data model, I am assuming its not with any particular tool that you need., hence my advise would be generic and most easy and common tool (PBI) that can help to achieve this.
Configuring Row-Level Security (RLS) in your underlying dataset for Marsden Holdings involves defining rules to restrict access to data based on roles. Here's a step-by-step guide to configure it:
- Understand the Data Requirements
- Identify the dimensions or fields to apply RLS, such as department, region, or user-specific data.
- Ensure your dataset has a column to filter data based on roles, such as
UserEmail,Region,Department, etc.
- Prepare Your Dataset
- Add a security column (
UserEmailorRole) in your dataset if it doesn't exist. This column will determine access control for each row. - Ensure all relationships between tables are correctly defined.
- Open the Dataset in Power BI Desktop
- Load the marsdenholdings dataset into Power BI.
- Navigate to Model View for a visual representation of the data model.
- Define Roles for RLS
- Go to Modeling in the Power BI Desktop ribbon.
- Select Manage Roles.
- Create roles based on your requirements:
- Click Create.
- Provide a role name (example:
RegionalManagerorHRDepartment). - Specify the filter condition for the role by selecting a table and applying a DAX filter. Example:
- For a region-based filter:
DAX [Region] = "North America" - For a user-based filter:
DAX [UserEmail] = USERPRINCIPALNAME()
- For a region-based filter:
- Test Roles
- Select View as Roles in the Modeling tab.
- Choose the role you created and verify that it filters data as expected.
- Publish the Dataset
- Publish the dataset to the Power BI service.
- Navigate to the dataset in the Power BI service, and assign users to the roles you created:
- Go to Datasets + Dataflows in your workspace.
- Click on the ellipsis (
...) next to your dataset and select Security. - Assign users or security groups to the roles.
- Validate Security
- Log in as a user assigned to a role and confirm they only see the allowed rows of data.
- Use Power BI Service's "View As" feature to simulate role-specific data views.
Considerations:
- Dynamic RLS: Use
USERPRINCIPALNAME()to filter rows dynamically based on the logged-in user's email or ID. - Static RLS: Use fixed conditions like
Region = "Europe"for roles that don’t depend on user credentials. - Performance: Test performance after implementing RLS, especially for large datasets.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.