Adding row-level security to Power BI reports
Part three of a four-part series of blogs

To prevent the wrong people seeing the wrong data in your reports, you can create row-level security (for example, so only the London regional manager can see London data). This blog explains how!

  1. Securing Power BI Reports and Dashboards
  2. Row-level security in Power BI Desktop
  3. Row-level security in Power BI Service (this blog)
  4. Who can see what in your reports

This blog is part of a much longer series, which together comprise a full online training course in Power BI Service.  You can see get details of our classsrom Power BI training courses here.

Posted by Andy Brown on 08 July 2017

You need a minimum screen resolution of about 700 pixels width to see our blogs. This is because they contain diagrams and tables which would not be viewable easily on a mobile phone or small laptop. Please use a larger tablet, notebook or desktop computer, or change your screen resolution settings.

Row-level security in Power BI Service

Assume that you've published the report in the previous part of this blog, complete with Southern and Northern security roles.  What you now need to do is to stop people seeing data that they're not entitled to see.

 Assigning people to roles

It's the underlying datasets which matter for security, so choose to set security for your Venue report dataset:

Setting security for dataset

Select the dataset, and choose this option from its menu.

Select a role, and assign email addresses to it:

Assigning emails to roles

Here we've assigned two email addresses to the Southern manager role.

In addition to email addresses, you can also assign the following (I've taken this information from this Microsoft page):

Roles you can add

From the horse's mouth ...

Testing roles

As in Power BI Desktop, you can test a role in Power BI Service:

Testing as role

Select a role from the dialog box shown above, click on the ellipsis (...) for it and choose to test it.

Power BI Service shows you who you're viewing the report as, and allows you to change this:

Viewing as southern manager

Here we're viewing the report in the Southern manager role, but you can use the dropdown to change this.

Note that you can only see reports using this feature, and not dashboards.

A warning on app workspaces

If you create an app workspace to contain reports, make sure that you give it read-only access:

App workspace read-only

Choose the option shown. If you leave this as the default option Members can edit Power BI content, row-level security will be ignored.

 

Having set up any row-level security you may want, I'll finally look briefly at what underlying data a user can see when you share a report.

This blog has 0 threads Add post