I would like to know how to configure row-level security in the model,

Victor Corral 0 Reputation points
2024-12-07T21:19:29.9133333+00:00

Marsden-Holdings underlying dataset tow-level security

Azure Analysis Services
Azure Analysis Services
An Azure service that provides an enterprise-grade analytics engine.
469 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
5,146 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vinodh247 27,281 Reputation points MVP
    2024-12-08T13:20:59.02+00:00

    Hi ,

    Thanks for reaching out to Microsoft Q&A.

    When you say the data model, I am assuming its not with any particular tool that you need., hence my advise would be generic and most easy and common tool (PBI) that can help to achieve this.

    Configuring Row-Level Security (RLS) in your underlying dataset for Marsden Holdings involves defining rules to restrict access to data based on roles. Here's a step-by-step guide to configure it:

    1. Understand the Data Requirements
    • Identify the dimensions or fields to apply RLS, such as department, region, or user-specific data.
    • Ensure your dataset has a column to filter data based on roles, such as UserEmail, Region, Department, etc.

    1. Prepare Your Dataset
    • Add a security column (UserEmail or Role) in your dataset if it doesn't exist. This column will determine access control for each row.
    • Ensure all relationships between tables are correctly defined.

    1. Open the Dataset in Power BI Desktop
    • Load the marsdenholdings dataset into Power BI.
    • Navigate to Model View for a visual representation of the data model.

    1. Define Roles for RLS
    • Go to Modeling in the Power BI Desktop ribbon.
    • Select Manage Roles.
    • Create roles based on your requirements:
      1. Click Create.
      2. Provide a role name (example: RegionalManager or HRDepartment).
      3. Specify the filter condition for the role by selecting a table and applying a DAX filter. Example:
        • For a region-based filter:
                  DAX
                  
                  [Region] = "North America"
          
        • For a user-based filter:
                  DAX
                  
                  [UserEmail] = USERPRINCIPALNAME()
          

    1. Test Roles
    • Select View as Roles in the Modeling tab.
    • Choose the role you created and verify that it filters data as expected.

    1. Publish the Dataset
    • Publish the dataset to the Power BI service.
    • Navigate to the dataset in the Power BI service, and assign users to the roles you created:
      • Go to Datasets + Dataflows in your workspace.
      • Click on the ellipsis (...) next to your dataset and select Security.
      • Assign users or security groups to the roles.

    1. Validate Security
    • Log in as a user assigned to a role and confirm they only see the allowed rows of data.
    • Use Power BI Service's "View As" feature to simulate role-specific data views.

    Considerations:

    • Dynamic RLS: Use USERPRINCIPALNAME() to filter rows dynamically based on the logged-in user's email or ID.
    • Static RLS: Use fixed conditions like Region = "Europe" for roles that don’t depend on user credentials.
    • Performance: Test performance after implementing RLS, especially for large datasets.

    Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.