Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
KevinSnow
Frequent Visitor

Trying to hide PII fields using Object Level Security (OLS). What is the best strategy?

‎08-06-2021 10:33 AM

I need to hide Patient Identifiable Information (PII) fields in a model. I understand I can create a "Hide PII" role and then assign PII fields to be hidden based on that role. You can see the steps I did for that below.

However, that means by default; all users can view PII fields. Is it possible to set the default behavior for PII fields to not be visible? Then you explicitly have to grant users/groups access to view PII fields (POLP).  That, or is there a better strategy out there to do this?

 

Thanks in advance!

 

Step 1) Under Manage roles.  Create a role named "Hide PII"

KevinSnow_0-1628270432195.png

Step 2) In Tabular Editor, under OLS set the value to "None" for the Legal First Name column for the Hide PII role

KevinSnow_1-1628270486917.png

Step 3) Select "View as roles" and select "Hide PII"

KevinSnow_2-1628270572811.png

Step 4) Verify the Legal First Name field is hidden

KevinSnow_3-1628270601135.png

 

 

 

 

Labels:
Message 1 of 3
707 Views
0
2 REPLIES 2
v-luwang-msft
Community Support
Community Support

‎08-08-2021 11:13 PM

Hi  @KevinSnow ,

You can not only hide tables and columns but also completely hide the model metadata, so your secured tables and columns are obscured in the field list when using reporting tools like Excel or Power BI. A user without permissions cannot access secured metadata objects via DAX or any other method. To viewers that don’t have the requisite permission, the secured tables or columns simply do not exist.

Please refer to the following blog which explains the relevant steps in detail.

Announcing public preview of Object-Level Security in Power BI | Microsoft Power BI Blog | Microsoft...

 

WIsh it is helpful for you!

 

 

Best Regards

Lucien

Message 2 of 3
586 Views
0
KevinSnow
Frequent Visitor
In response to v-luwang-msft

‎08-10-2021 12:01 PM

Hi @v-luwang-msft ,
Thank you for the response. I understand that I can hide tables and fields and their metadata by assigning those users to a role, and then in OLS, set it to None for that role on the table or field in question. In other words, by default, a user could see tables and fields that are meant to be secured. Not until they are assigned to a "Hide" like role would the tables and fields in questions be hidden.

My question is, can we change the default behavior so that secured tables and fields are not visible unless you are assigned to a role with permission to view? In other words, anything that is meant to be secured requires you to be assigned to a role with explicit view permissions before you can view it.

Message 3 of 3
570 Views
0

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel1

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

View All