Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
MNollette
Regular Visitor

Is there a way to use row-level security to hide SQL Server query results based on returned data?

‎11-05-2020 11:03 AM

So bit of an explanation here, with the tl;dr of the question at the bottom.

 

My organization has a web application that stores and tracks records for users. We've been using SSRS for our reports so far, which are integrated into our application. One of the security modules we have in place is user-based. Each user, and each record, has an access level. If the user's access level is lower than the record's, they can't see it. We have a similar setting for restricting user access by their organization relative to the record's. When pulling an SSRS report, our users are able to pass parameters through our application interface to the report, and we also automatically pass the user's organization profile and access level to ensure they are only retrieving records they're authorized to view. 

 

My higher-ups are quite insistent on migrating everything over to Power BI. Problem is, I've found no way to automatically pass parameters to the report on generation. There is no way to pass that required access level to the report prior to retrieving the data. My understanding is that Power BI Embedded may have a feature like this, but since it utilizes an hourly, metered connection for its model, my employers are not willing to entertain that as an option. 

 

So I'm looking into row-level security instead. Is there a way to utilize RLS to restrict what results a user can view, based on one of the column values that is being returned? And assuming that's possible, is it possible to do this securely? My understanding is that we'd have to have our clients' administrators set up the user roles and assign them in Power BI. Is there a way to prevent users from simply changing their own roles, and viewing records they don't have access to?

Labels:
Message 1 of 6
613 Views
0
5 REPLIES 5
mhossain
Solution Sage
Solution Sage

‎11-05-2020 11:53 AM

@MNollette 

 

I would suggest go through this blog https://radacad.com/what-do-you-need-to-implement-dynamic-row-level-security-in-power-bi

 

Only workspace admin/member can change/update/modify the role, so viewer can not change their roles, they won't see it. As far as I understood your question, it's completely doable. Let me know if this helps. 

 

Message 2 of 6
580 Views
0
MNollette
Regular Visitor
In response to mhossain

‎11-05-2020 12:00 PM

I know *how* to implement row-level security in general, I just don't know if what I described is possible - and if so, how to do it. Good to know on the security front though, thank you for that!

Message 3 of 6
579 Views
0
mhossain
Solution Sage
Solution Sage
In response to MNollette

‎11-05-2020 12:21 PM

@MNollette

Thanks.

On your questions "Is there a way to use RLS to restrict the results that a user can see, based on one of the column values ​​that are returned?"

This is definately doable.

Message 4 of 6
575 Views
0
MNollette
Regular Visitor
In response to mhossain

‎11-05-2020 12:37 PM

Glad to hear it. Not to look a gift horse in the mouth, but any direction on that front by chance? My google-fu isn't the best, but it also isn't the worst, and I've been unable to find anything on it so far.

Message 5 of 6
574 Views
0
mhossain
Solution Sage
Solution Sage
In response to MNollette

‎11-05-2020 08:24 PM

Hello @MNollette 

 

I think it will be helpful you could provide more direction here, maybe dummy example pbix or some screenshots, or wait if somebody comes up with solution.

Message 6 of 6
547 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All