Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
ranbeermakin
Resolver III
Resolver III

Question on Row Level Security in Power BI for large user base

‎05-31-2018 05:43 AM

My customer scenario

Power BI P1 Premium license
16 million records data stored in mysql

 

Users have access to specific accounts and specific Power BI Reports only.
Users will access to Power BI reports using Power BI Embedded.

 

Example:

User 1 to User 20 have access to Power BI report 1
User 20 to User 100 have access to Power BI report 2
User 100 to User 4000 have access to Power BI report 3


User 1 has access to 10 accounts, user 2 has access to 5 accounts, and so on.

 

The customer wants to apply row level security. If User 1 logs in he/she should be seeing only his/her 10 accounts. Our custom application will take care of redirecting him to Power BI Report 1.

 

Here's what I'm thinking how will we tackle this, along with some questions:

 

1. I assume there is not direct connection to mysql. So we need to import that much data. We also need to create a user-account mapping in Power BI model for applying RLS in power bi.

2. We need to configure roles in Power BI Desktop and publish to powerbi.com
3. Add users to these roles in Power BI service for this data set.

 

We have 4000 users should we add all these in Power BI service? I think it is limited by 1000 users only.
I suspect we have to create groups?
But groups should be at what level? Since our security is based on user level. Not manager or region level.

What groups are these Office 365 groups? AD groups?

Can I leave those roles in Power BI service and do not add any users? And configure my role in Desktop using USERNAME() DAX FUNCTION?

 

4. Create new Power BI Reports (2 and 3) from this data set by using GetData->"Power BI datasets"

Publish these reports in PowerBI.com

Do I need to setup roles in this report as well? I assume yes.
What is the alternative to not setup roles?

 

Since RLS is already configured on this dataset I assume the security on new reports will automatically work.

Who accesses which report is governed by our custom application.

 

Can somebody in the community let me know answers to my questions, and correct my understanding?

 

Alternatively, do you recommend us to go with Analysis Services which takes care of such type of security automatically? Like I don't need to add 4000 users in my roles.

Can this be tackled by SQL directly? I pass user name to my direct query and it loads only specific dataset?

 

Appreciate some help on this.

 

Thanks,
Ranbeer Makin

 

 

Labels:
Message 1 of 3
2,012 Views
0
2 ACCEPTED SOLUTIONS
ranbeermakin
Resolver III
Resolver III

‎05-31-2018 06:52 AM

I have answers to some of these questions

 

1. You need O365 security group. I cannot seem to add distribution group.

2. We need not define roles in all the reports when pulling data using GetData->Power BI data sets (PowerBI will not allow you to add the roles, it will be disabled)

3. We however, need to put O365 security group when configuring roles in Power bi service for that dataset.

 

When configured like this, it works like a charm.

 

Best,

Ranbeer

View solution in original post

Message 2 of 3
2,121 Views
0
v-yuezhe-msft
Employee
Employee

‎06-01-2018 01:37 AM

@ranbeermakin,

I would recommend you import data from MySQL to SSAS, then implement dynamic row level with Analysis Service tabular model following  the guide in the article below.

https://docs.microsoft.com/en-us/power-bi/desktop-tutorial-row-level-security-onprem-ssas-tabular

Regards,
Lydia

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 3 of 3
2,115 Views
0
2 REPLIES 2
v-yuezhe-msft
Employee
Employee

‎06-01-2018 01:37 AM

@ranbeermakin,

I would recommend you import data from MySQL to SSAS, then implement dynamic row level with Analysis Service tabular model following  the guide in the article below.

https://docs.microsoft.com/en-us/power-bi/desktop-tutorial-row-level-security-onprem-ssas-tabular

Regards,
Lydia

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 3 of 3
2,116 Views
0
ranbeermakin
Resolver III
Resolver III

‎05-31-2018 06:52 AM

I have answers to some of these questions

 

1. You need O365 security group. I cannot seem to add distribution group.

2. We need not define roles in all the reports when pulling data using GetData->Power BI data sets (PowerBI will not allow you to add the roles, it will be disabled)

3. We however, need to put O365 security group when configuring roles in Power bi service for that dataset.

 

When configured like this, it works like a charm.

 

Best,

Ranbeer

Message 2 of 3
2,122 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All