Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Reply
matdub40
Helper II
Helper II

How to implement line-level security in an Analysis Services model?

‎08-31-2022 01:26 AM

I have a data model that is like this:

matdub40_0-1661933921169.png

 

Joins are done between tables on storenumber and storename.


I would like to give access to the stores staff but they only see the sales of their own store. I added their mail in the table Y2_Stores.

The sales data are in the table Y2_Sales.

 

I added the Y2_StoreEmployee table with storenumber | email and made a relation on storenumber in double direction to the Y2_Stores table :

matdub40_1-1662117940754.png

Relationships:

 

F1Vrs.png

 

 

I created a role with this formula:

 

YAHbh.png

 

but when I connect with the email I put in the Y2_StoreEmployee table I still see all the sales... is there anything else to do?

Can you help me ?
Thanks

Labels:
Message 1 of 5
407 Views
0
1 ACCEPTED SOLUTION
v-rongtiep-msft
Community Support
Community Support

‎09-02-2022 01:18 AM

Hi @matdub40 ,

It seems there is nothing wrong with the formula. Row-level security (RLS) with Power BI can be used to restrict data access for given users. Filters restrict data access at the row level, and you can define filters within roles. In the Power BI service, members of a workspace have access to datasets in the workspace. RLS doesn't restrict this data access.

 

For Analysis Services or Azure Analysis Services lives connections, you configure Row-level security in the model, not in Power BI Desktop. The security option will not show up for live connection datasets.

 

Please check the role in the workspace. Please check where the Y2_Stores[email] is the same as the current logged on Windows user name, and Y2_Stores[storenumber] is the same as the Y2_Sales[detail_number]).

 

Please check the RLS "view as a user " on the desktop. 

 

If it still does not help , please provide your pbix file without privacy information for us testing or provide more details with screenshots.

 

Best Regards

Community Support Team _ Polly

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 5
301 Views
4 REPLIES 4
v-rongtiep-msft
Community Support
Community Support

‎09-02-2022 01:18 AM

Hi @matdub40 ,

It seems there is nothing wrong with the formula. Row-level security (RLS) with Power BI can be used to restrict data access for given users. Filters restrict data access at the row level, and you can define filters within roles. In the Power BI service, members of a workspace have access to datasets in the workspace. RLS doesn't restrict this data access.

 

For Analysis Services or Azure Analysis Services lives connections, you configure Row-level security in the model, not in Power BI Desktop. The security option will not show up for live connection datasets.

 

Please check the role in the workspace. Please check where the Y2_Stores[email] is the same as the current logged on Windows user name, and Y2_Stores[storenumber] is the same as the Y2_Sales[detail_number]).

 

Please check the RLS "view as a user " on the desktop. 

 

If it still does not help , please provide your pbix file without privacy information for us testing or provide more details with screenshots.

 

Best Regards

Community Support Team _ Polly

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 5
302 Views
matdub40
Helper II
Helper II
In response to v-rongtiep-msft

‎09-05-2022 06:05 AM

Thank you very much for your answer! @v-rongtiep-msft 
Indeed, the members of the BI group in Azure were owners of the workspace so they could see everything.
I just made the change by putting the email as the workspace viewer and it works!

What is the best thing to do because there is the workspace, the application and in this application my Power BI report which must be filtered. Where should the viewer permission be put?

Maybe add them as a reader of the report and send them the link?

Message 5 of 5
268 Views
0
matdub40
Helper II
Helper II

‎09-02-2022 12:19 AM

Hi @v-rongtiep-msft,

 

I have already done everything you describe in your answer.

Where I'm stuck is writing the DAX formula at row level in Analysis Services (step 4 of task 2 in your link). I have tried several but when the user logs in he still sees all the rows.

 

Can you help me write the correct DAX formula in my case?

Thanks

Message 3 of 5
307 Views
0
v-rongtiep-msft
Community Support
Community Support

‎09-01-2022 11:36 PM

Hi @matdub40 ,

Implement row-level security in an on-premises Analysis Services Tabular Model and use it in a Power BI report.

  • Create a new security table in the AdventureworksDW2012 database
  • Build the tabular model with necessary fact and dimension tables
  • Define user roles and permissions
  • Deploy the model to an Analysis Services tabular instance
  • Build a Power BI Desktop report that displays data tailored to the user accessing the report
  • Deploy the report to Power BI service
  • Create a new dashboard based on the report
  • Share the dashboard with your coworkers

More details : Dynamic row-level security with Analysis services tabular model - Power BI | Microsoft Docs

 

Best Regards

Community Support Team _ Polly

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 5
313 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All