Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
So bit of an explanation here, with the tl;dr of the question at the bottom.
My organization has a web application that stores and tracks records for users. We've been using SSRS for our reports so far, which are integrated into our application. One of the security modules we have in place is user-based. Each user, and each record, has an access level. If the user's access level is lower than the record's, they can't see it. We have a similar setting for restricting user access by their organization relative to the record's. When pulling an SSRS report, our users are able to pass parameters through our application interface to the report, and we also automatically pass the user's organization profile and access level to ensure they are only retrieving records they're authorized to view.
My higher-ups are quite insistent on migrating everything over to Power BI. Problem is, I've found no way to automatically pass parameters to the report on generation. There is no way to pass that required access level to the report prior to retrieving the data. My understanding is that Power BI Embedded may have a feature like this, but since it utilizes an hourly, metered connection for its model, my employers are not willing to entertain that as an option.
So I'm looking into row-level security instead. Is there a way to utilize RLS to restrict what results a user can view, based on one of the column values that is being returned? And assuming that's possible, is it possible to do this securely? My understanding is that we'd have to have our clients' administrators set up the user roles and assign them in Power BI. Is there a way to prevent users from simply changing their own roles, and viewing records they don't have access to?
I would suggest go through this blog https://radacad.com/what-do-you-need-to-implement-dynamic-row-level-security-in-power-bi
Only workspace admin/member can change/update/modify the role, so viewer can not change their roles, they won't see it. As far as I understood your question, it's completely doable. Let me know if this helps.
I know *how* to implement row-level security in general, I just don't know if what I described is possible - and if so, how to do it. Good to know on the security front though, thank you for that!
Thanks.
On your questions "Is there a way to use RLS to restrict the results that a user can see, based on one of the column values that are returned?"
This is definately doable.
Glad to hear it. Not to look a gift horse in the mouth, but any direction on that front by chance? My google-fu isn't the best, but it also isn't the worst, and I've been unable to find anything on it so far.
Hello @MNollette
I think it will be helpful you could provide more direction here, maybe dummy example pbix or some screenshots, or wait if somebody comes up with solution.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
113 | |
99 | |
80 | |
70 | |
59 |
User | Count |
---|---|
149 | |
114 | |
107 | |
89 | |
67 |