Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
new2pbix
Frequent Visitor

Row Level Security that follows new reports

‎09-08-2022 12:17 PM

Hello. Before I get started with my complex request, I will say I have exhausted bing, google, and youtube before posting here. Also due to the nature of my work I cannot supply examples or screenshots, but I can easily describe my problem. I hope there is a low overhead solution:

 

My team uses PowerBI Desktop to produce a report on a weekly basis. We publish a report with a dated filename every Monday. 

(20220822_ReportName.pbix, 20220829_Report.pbix, 20220905_Report.pbix, etc). With these examples, on 8/29, we take the 8/22 report, save it as a new copy: 8/29, refresh data. Save, and Publish to the Service for consumption by Leadership. We have multiple reports available and we archive for historical purposes. We also archive the pbix file so that if someone needs a tweek made to a published report, we can do it with the pbix file that is at the refreshed state of the time of publish. Otherwise we would have to strip out loads of newer backend data to refresh a newer pbix to only show the older data... Yeah that part might be a little confusing... but each published file comes from a copy of the previous pbix but refreshed data of the current week. Next week will be this week's pbix, saved as next weeks date and then refreshed with next weeks updated backend files. This week's file stays this weeks data for historical purposes. 
I have implemented ROW Level security on the Service to allow an access list to be created on the relevant dataset so that people in different departments can see only their department's data within the reports and drill throughs. 

My problem starts here. When I make a copy of last weeks pbix (to preserve the "manage roles"), refresh my report and publish as this weeks report, I have to go into the service and completely rebuild my Access list on the new dataset. 

My access list is over 70 people. There has GOT to be a way carry this security access list forward to the newer dataset without having to re-invent the list?  Ive seen some talk about dynamic row level security but its my understanding that it would check some sort of 3rd party access list to validate? and this is not available for my situation. Thanks!

Labels:
Message 1 of 3
333 Views
0
1 ACCEPTED SOLUTION
v-jingzhang
Community Support
Community Support

‎09-09-2022 02:54 AM

Hi @new2pbix 

 

If you publish a pbix with a different name every time, it generates a new dataset in the service. You need to implement RLS security for the new dataset on the Service. This is by design. Dynamic Row Level is applied in a single dataset just like the static RLS, so it is not applicable in your case. 

 

I wonder how many roles are created in the pbix? If there are only several roles, for example, 5 roles, you can create 5 Security Groups in your organization that every group is for a specific role. Then distribute 70 members to the corresponding groups. When you manage security access list in the service, you just need to add 5 groups to their related roles. Members in a group will have role that their group is added to. This will be simpler than managing lists of 70 people. 

 

You can use the following groups to set up row level security.

  • Distribution Group
  • Mail-enabled Group
  • Security Group

Note, however, that Office 365 groups are not supported and cannot be added to any roles.

 

See Add members section in Row-level security (RLS) with Power BI - Power BI | Microsoft Docs

Compare groups - Microsoft 365 admin | Microsoft Docs

 

Best Regards,
Community Support Team _ Jing
If this post helps, please Accept it as Solution to help other members find it.

View solution in original post

Message 2 of 3
293 Views
0
2 REPLIES 2
v-jingzhang
Community Support
Community Support

‎09-09-2022 02:54 AM

Hi @new2pbix 

 

If you publish a pbix with a different name every time, it generates a new dataset in the service. You need to implement RLS security for the new dataset on the Service. This is by design. Dynamic Row Level is applied in a single dataset just like the static RLS, so it is not applicable in your case. 

 

I wonder how many roles are created in the pbix? If there are only several roles, for example, 5 roles, you can create 5 Security Groups in your organization that every group is for a specific role. Then distribute 70 members to the corresponding groups. When you manage security access list in the service, you just need to add 5 groups to their related roles. Members in a group will have role that their group is added to. This will be simpler than managing lists of 70 people. 

 

You can use the following groups to set up row level security.

  • Distribution Group
  • Mail-enabled Group
  • Security Group

Note, however, that Office 365 groups are not supported and cannot be added to any roles.

 

See Add members section in Row-level security (RLS) with Power BI - Power BI | Microsoft Docs

Compare groups - Microsoft 365 admin | Microsoft Docs

 

Best Regards,
Community Support Team _ Jing
If this post helps, please Accept it as Solution to help other members find it.

Message 2 of 3
294 Views
0
new2pbix
Frequent Visitor
In response to v-jingzhang

‎09-09-2022 04:44 AM

Thanks for your reply. This is very thorough and informative. Exactly the answer I needed, even though I cannot implement it in my environment. Ive tested and determined that the only way to get where I need to be on this is to publish a report and overwrite that report every week so that the security settings are retained on the single dataset. 

Message 3 of 3
278 Views

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel1

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

View All