I’ve created a SSAS tabular model 1200 where there are two sets of roles;
For the moment, I only have one user with ‘Read’ permission in the ‘Financial’ role. The user in the Administrator role has “Administrator” permissions.
I’ve created a PBIX report with Power BI Desktop and that report has been published to an APP-workspace ‘Financial report’ on the Power BI Service.
For the APP ‘Financial report’ on the Power BI Service I’ve given access to the app for 10 users within the company’s domain. The one user with the ‘Read’ permission from the tabular model role is also included and I would expect that only that user would be able to access data when logged in on the Power BI Service but all users that have access to the APP can access all data from the Power BI Service. Since I’m using a LIVE connection I would expect that the security settings was based on the tabular model from the Analysis Services Database and not the settings for the APP.
From Power Desktop I’ve also tried to ‘Get data’ from the Analysis Services Database’ for one user that doesn’t have a role permission on the tabular model and that is also possible which I wouldn’t expect.
When I’m using the ‘Analyze in Excel’ function from Visual Studio I can easily see the effect for the settings for the specific role “Financial”. It works as expected and even though I try the same thing for a user without any permissions, the result is as expected; the user cannot get access to the tabular model.
In conclusion; I have only 1 user in my tabular model and that user has been given ‘Read’ permissions and even though I’ve created a PBIX report with LIVE connection and published that to the Power BI Service APP-workspace, it is still possible for other users that has been given access to the APP to see the data.
Why is it that the security settings in tabular model doesn’t have an effect in the APP-workspace?
Power BI Desktop: Version December 2017
Microsoft Visual Studio 2015 Shell (Integrated): Version 14.0.25420.01 Update 3
It's a Danish version of PowerBI Service but hope it's good enough.
I've added two members who can edit the content for the app workspace. One of the members are administrator on the tabular model and the second one has a "Read permission" on the tabular model - but for the app workspace it's only those two members who can edit the content for the app workspace.
For the specific App I've given acces to several users but it's only 1 member from the tabular model (Role settings) that have read permission. The other users within the organisation can acces the power bi content from Power BI Services but since the settings in the tabular model with live connection only has 1 administrator user and 1 read user I wouldn't expect that the others users would be able to see the App content even though they have been given acces as shown below for the specific App.
It might be that I've missed something but since it's a LIVE connection connected to a tabular model I would expect that all the permissions were granted from within the tabular model?