Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi all,
My client users are currently on Office365 subscription. We are implementing a PowerBI solution for them. They do not have any Active Directory server to store their credentials.
Now there's a gap on the security. We need to setup the security matrix to define who can and cannot see what kind of content in the tabular data model. Basically, a role based security.
Anyone has any idea or suggestion on how we can implement this?
Thanks and much appreciated.
@Anonymous
The role-based security has to be activated in the backend (in the source itself) and the users would have to use the database authorization instead of the windows authentication, if I am not mistaken.
This seems hard to replicate, as in Power BI you are using personal accounts tied to your personal mailadress/id within the organisation.
How do they use PowerBI right now, if they do not have an Active Directory?
@Anonymous
I have not tested the integration of O365 and the AD itself, but usually, if you subscribe with the same mailadress, i would assume that their is some kind of integration. Have you tried to search for the users when enabling the row-level security? How do you logon to your servers? With the localhost\xxx users? 😮
Regarding Azure Sequel DB / Backend Security: You have to enable the row-level based security in the SQL DB itself. Power BI does not (as far as I know) offer any additional security layer for the database. The user authenticates with his O365-account towards Power BI and then authenticates against the source.
One remark from my side: If you talk about SSAS Tabular I would assume that you use the SSAS Tabular Server (via live connect) and not an integration of Azure SQL DB (live connect / data import), as you had written. For both Row-level based security should be possible.
Sorry that I can not confirm your approach, but my knowledge of O365<>AD is limited.
@Anonymous Row-level Security also works directly in Azure Sequel DB, you do not need an SSAS Tabular for that.
https://msdn.microsoft.com/en-us/library/dn765131.aspx
If this would be the only reason for SSAS Tabular, I would try to stress your pro- and con-arguments a bit more. SSAS Tabular hardware can be costly (lots of cores, lots of RAM). It might be cheaper to use the PBI WebService PaaS (=import data, model in a file, upload to Power BI, establish gateway => as soon as live connect works better [measures, calc. columns] => rebuild model live connect)
@Anonymous did you manage to solve this as we're trying to accomplish the same task?
Thanks! 🙂
Hi @jldaley86,
Nope. We suggested something else to the client.
However, I have an idea on how to implement this but yet to try it out myself yet.
Firstly, understand this, in order for SSAS role based security to work, it will require to authenticate the users in Active Directory. So, a sync between Active Directory and the Office365 is needed. If client does not have AD server, you would probably need to advise them to get a cheap server, or install the AD into the MS SQL Server machine (or Azure VM if all cloud based solution). Use the Azure Active Directory Sync to sync the O365 users with the local machine or Azure VM AD machine.
Once it's sync, the AD will know how to link the O365 users. In SSAS role based security, define the role security accordingly to the model. Then install and configure the Enterprise Gateway to allow PowerBI to authenticate with the SSAS model.
When an O365 login and access the SSAS model through PowerBI, the SSAS will authenticate with the AD by checking the O365 email account to determine it's user and it's role based security in SSAS.
I'm not sure whether this might work or not. Still yet to try it out. Hopefully you are able to try it out and let me know if it works. 🙂
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
101 | |
52 | |
21 | |
12 | |
11 |