I want to be able to share reports built from Tabular models to other users, but I don't want everyone to have access to the models to build their own reports.
As it is right now, if I have granted read access to users on a Tabular model, then when they click on 'get data' and go to SSAS Tabular, they can see every model and make their own reports. Is there a way to allow users to see and interact with reports built from Tabular models, but not access the models via 'get data'?
It sounds like you want to build a dashboard, make sure that the tiles don't link back to the reports and give them read only to the dashboards, then they can see the information but not interact with the data/reports.
Proud to be a Datanaut!
I would like to have the same feature. Some users should not be able to build their own reports.
Have you considered:
- Using perspectives in AS Tabular?
- Integrating row-level based security in Tabular? Then it might not have such a big impact on the users, if they could access the AS tabular cube.
Or is it just a "looks nice"-thing?
I have considered row level security, but the issue stems from a lack for column security. There are many columns of data in our Tabular models that we do not wish to open to users. To implement row security that would address this, we would need to:
a.) Re-configure our existing models with 'daisy chained' dimension tables that we exclude from certain users that contain the sensitive fields. This is not desirable due to the hit that user experience takes.
b.) Create two versions of the same model. One for regular use, the other for restricted.
Neither of these options is desirable. We just want to use one model, but limit users for accessing any of the data via field list or get-data. It seems this is an oversight of Power BI. This kind of security can be easily implemented in SharePoint.
As I said, you could implement perspectives. But you should then make sure that the complete cube should not be visible at all and you will always have the risk. Furthermore, you should then make sure that the reports are build on these perspectives.
In general, the combiniation of:
- using full cube for pre-defined reports
- not using row-level security / general restrictions
- not showing full cube to all users, but only certain columns
is not possible, as far as I know. And to be frank, for me it either seems that you have a break in your security concept or have a mistake in the process.