Role security in SSAS tabular model doesn’t have a...

tdga · ‎12-12-2017

Hi

I’ve created a SSAS tabular model 1200 where there are two sets of roles;

Administrator and
Financial

For the moment, I only have one user with ‘Read’ permission in the ‘Financial’ role. The user in the Administrator role has “Administrator” permissions.

I’ve created a PBIX report with Power BI Desktop and that report has been published to an APP-workspace ‘Financial report’ on the Power BI Service.

For the APP ‘Financial report’ on the Power BI Service I’ve given access to the app for 10 users within the company’s domain. The one user with the ‘Read’ permission from the tabular model role is also included and I would expect that only that user would be able to access data when logged in on the Power BI Service but all users that have access to the APP can access all data from the Power BI Service. Since I’m using a LIVE connection I would expect that the security settings was based on the tabular model from the Analysis Services Database and not the settings for the APP.

From Power Desktop I’ve also tried to ‘Get data’ from the Analysis Services Database’ for one user that doesn’t have a role permission on the tabular model and that is also possible which I wouldn’t expect.

When I’m using the ‘Analyze in Excel’ function from Visual Studio I can easily see the effect for the settings for the specific role “Financial”. It works as expected and even though I try the same thing for a user without any permissions, the result is as expected; the user cannot get access to the tabular model.

In conclusion; I have only 1 user in my tabular model and that user has been given ‘Read’ permissions and even though I’ve created a PBIX report with LIVE connection and published that to the Power BI Service APP-workspace, it is still possible for other users that has been given access to the APP to see the data.

Why is it that the security settings in tabular model doesn’t have an effect in the APP-workspace?

Power BI Desktop: Version December 2017

Microsoft Visual Studio 2015 Shell (Integrated): Version 14.0.25420.01 Update 3

Compatibility Level: SQL Server 2016 RTM (1200)

DirectQuery Mode: Off

Thanks in advance

TDGA

v-sihou-msft · ‎12-15-2017

@tdga

What are the permissions you configured for those users in that App Workspace?

Regards,

tdga · ‎12-15-2017

Hi there

Thanks for the reply!

It's a Danish version of PowerBI Service but hope it's good enough.

I've added two members who can edit the content for the app workspace. One of the members are administrator on the tabular model and the second one has a "Read permission" on the tabular model - but for the app workspace it's only those two members who can edit the content for the app workspace.

For the specific App I've given acces to several users but it's only 1 member from the tabular model (Role settings) that have read permission. The other users within the organisation can acces the power bi content from Power BI Services but since the settings in the tabular model with live connection only has 1 administrator user and 1 read user I wouldn't expect that the others users would be able to see the App content even though they have been given acces as shown below for the specific App.

It might be that I've missed something but since it's a LIVE connection connected to a tabular model I would expect that all the permissions were granted from within the tabular model?

Thanks in advance

/TDGA

Role security in SSAS tabular model doesn’t have an effect on APP-workspace and BI desktop

Helpful resources

Microsoft Fabric Learn Together

Power BI Monthly Update - April 2024

Fabric Community Update - April 2024