...
You cannot assign users to a role within Power BI Desktop. This is done within the Power BI service. You can enable dynamic security within Power BI Desktop by making use of the username() or userprincipalname() DAX functions and having the proper relationships configured.
Power BI RLS Process Process
How to use the technique:
- Adding a new security role
- Power BI RLS Process flow
The view (POWERBI_SECURITY_POC_V2) in DWTEST contains the following tables:
- F_USFPG_COLLECTIONS_RVUS
- USFPG_DEPT_PROFILE_V
- L_SECURITY_POWERBI_V
The view (POWERBI_SECURITY_POC_V2) is joined using KEY_DEPT_PROFILE which is available in F_USFPG_COLLECTIONS_RVUS and USFPG_DEPT_PROFILE_V and KEY_GLOBAL_DEPT in L_SECURITY_POWERBI_V and USFPG_DEPT_PROFILE_V
The DAX username role in Power BI desktop à [POWERBI_ID] = LEFT(USERPRINCIPALNAME(),FIND("@",USERPRINCIPALNAME())-1) which is used to retrieve the netid of the person who signs-in to Power BI and maps it to the PowerBI ID which is available in the L_SECURITY_POWERBI_V
Once the report is published, in PowerBI service, the username role created can be assigned to individual users or AD groups. So who ever signs-in to the report will see only the rows which has their netid.[1]
Findings:
- Workplace
If you are an Admin in the workspace you will always be able to see all data when you open a report no matter what is your security role assigned for a particular report.
If you are a Member in the workspace you will be able to see the relevant data permitted in your security role assigned for a particular report.
See image below:
- Multiple Roles
Basically you cannot have one member in more than one Department row-level security role. The way the method is constructed it not allows one person to participate in more than one department.
- Same report shows data from the MULTIPLE departments an example non-VIP user is approved to access requirement not met.
A work around it can be creating Department row-level security roles that can have more than one department. So we can add multiple users to this role.
See below images with the role containing the Pediatrics department with Pathology:
Manage security on your model
...