Versions Compared

Old Version 36

changes.mady.by.user Miguel Gonzalez

Saved on

compared with

New Version 37

changes.mady.by.user Miguel Gonzalez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Select the Modeling tab.
  2. Select Manage Roles.
  3. Select Create.

  4. Select the table that you want to apply a DAX rule.



  5. Enter the DAX expression that contains the Power the Power BI RLS Process flow. Explained below:

    The view (POWERBI_SECURITY_POC_V2) in DWTEST contains the following tables:

    • F_USFPG_COLLECTIONS_RVUS
    • USFPG_DEPT_PROFILE_V
    • L_SECURITY_POWERBI_V

...

    The view (POWERBI_SECURITY_POC_V2) is joined using KEY_DEPT_PROFILE which is available in F_USFPG_COLLECTIONS_RVUS and USFPG_DEPT_PROFILE_V and KEY_GLOBAL_DEPT in L_SECURITY_POWERBI_V and USFPG_DEPT_PROFILE_V

...

  1. .

    The DAX username role in Power BI desktop à  [POWERBI_ID] = LEFT(USERPRINCIPALNAME(),FIND("@",USERPRINCIPALNAME())-1) which is used to retrieve

...

  1. the netid

...

  1.  of the person who signs-in to Power BI and maps it to the PowerBI ID which is available in the L_SECURITY_POWERBI_V

...

  1. Once the report is published, in PowerBI service, the username role created can be assigned to individual users or AD groups. So who ever signs-in to the report will see only the rows which has their netid.[1] See below an example of an New role with the dax expression containing a POWERBI_ID and filtering by a specific Department:

    Image Added


  2. To test the role and verify the data is correct just select View as Role, select the role and click OK.

     Image Added

Image Removed

Image Removed

Image Removed

Image Removed

Image Removed

Image Removed

Image Removed

...

  1. Image Added

  2. Now you will see a yellow banner in top of the report showing the role name and the option to Stop Viewing:

    Image Added

  3. When the roles are configured as needed you can click Publish and the changes will be applied.

    Image Added

  4. Now we have to configure the security setings in the PowerBi web environment.  We select the workplace in which we published the report and select the dataset with the same name of the report. Select the (...) and click the Security option in the ddl: 
    Image Added

  5. You will be able to assign different Members to the roles created so they can inherit the rules of the assigned role.

    Image Added

  6. Click Add and then Save. This will assign that member to the specified role.  
    Image Added

  7.  Now we Test as role to verify if the configuration works as we needed:

    Image Added

 

Findings:

 

  • Workplace

If you are an Admin in the workspace you will always be able to see all data when you open a report no matter what is your security role assigned for a particular report.

...

A work around it can be creating Department row-level security roles that can have more than one department. So we can add multiple users to this role. 

 

See below images with the role containing the Pediatrics department with Pathology:

...


[1] Ramchander Ravi email on PowerBI RLS process flow; received on Tuesday, April 24, 2018 3:38 PM

...

Manage security on your model

...