Created by Miki Yanagi, last modified on Nov 18, 2022

Row Level Security (RLS) can be used to restrict access to data in a Power BI report based on a user’s Power BI Service login credentials. The RLS has to be set up on each dataset.

Steps

  1. Open your dataset in Power BI Desktop. Select "Manage Roles" under Modeling tab.
    screenshot of manage roles

  2.  Create a new role:
    1. Click "Create" and name the role
    2. Choose field from the appropriate table
    3. Add DAX expression
    4. Create all of the roles you need
    5. Click "Save"
      screenshot of new role
            
  3. Publish the dataset to Power BI Service.

  4. On Power BI Service, go to the dataset > three ellipse> Security. 
    screenshot PBI service security
  5. Add member's email address or AD Groups to each roles. (All available emails or groups will show up when you start typing. If you don't see group, please contact DARTS@maine.edu .) Users who are not assigned to Security roles in Power BI Service will be able to see all the data in the model.screenshot of row level security on Power BI Service
  6. Test a role
    1. Click the ellipse next to the role
    2. Click "Test as role"
      test as role
    3. It will take you to the report page and show the report with the security role.
      view a report
    4. Save the security setting

       


Using DAX

  • Staff dimension table with a unique key for each staff member [EMP_ID], including managers, directors, etc.
  • Each staff member row should contain a value for their direct supervisor [Manager], if exists. Email addresses [Emp_UserPrincipalName] for each staff member should be included in the table.
  • The Staff table should be joined to relevant employee facts through the unique staff key.

PATH() Function:

Returns a delimited test string with identifiers for all the parents of the current identifier. This will generate the complete organizational hierarchy based on the staff dimension table.
Org Hierarchy = 
PATH(Org[EMP_ID],Org[Manager])

PATHITEM() Function:

Returns the item from the specific position from a string resulting from using he PATH() function. This can be used to identify a specific level in the hierarchy.
Org Level 1 = 
LOOKUPVALUE('Org'[Emp_UserPrincipalName],
'Org'[EMP_ID],
PATHITEM(Org[Org Hierarchy],1,TEXT)
)

USERPRINCIPALNAME() Function:

Returns the user in the format of their user principal name, i.e. test@maine.edu (email address). To test the role, replace the USERPRINCIPALNAME() function with a hardcoded value.

[UserPrincipalName] = userprincipalname()




HELP IS AT HAND!

Link to compose email for help with website.Question, comment, critique? We are here to help and we strive to make our site a comprehensive, user friendly experience. Contact us at DARTS@maine.edu.

Other Resources

Attachments:

image2020-6-4_8-40-51.png (image/png)
image2020-6-4_14-25-45.png (image/png)
image2020-6-4_14-28-14.png (image/png)
image2020-6-4_14-31-57.png (image/png)
image2020-6-4_14-34-3.png (image/png)
image2020-6-4_14-41-23.png (image/png)
image2020-6-4_14-42-20.png (image/png)
image2020-6-4_14-55-40.png (image/png)
image2020-6-4_14-56-57.png (image/png)
Help-button-800px.png (image/png)
UMS&PBI.png (image/png)
image2020-6-30_10-43-37.png (image/png)
image2020-8-19_12-28-59.png (image/png)
image2020-8-24_8-53-35.png (image/png)
image2020-8-24_8-56-29.png (image/png)
image2020-8-24_9-3-43.png (image/png)
image2020-11-4_14-39-29.png (image/png)
image2020-11-4_14-40-45.png (image/png)
image2020-12-14_16-0-18.png (image/png)
image2020-12-14_16-5-14.png (image/png)
image2022-4-8_10-16-20.png (image/png)
image2022-4-8_10-24-18.png (image/png)
image2022-4-8_10-25-8.png (image/png)