In the June update of the Power BI Desktop there were some really cool features that were added. I’d encourage you to review the full Power BI blog to see all the June updates. My favorite of all these new features is Row Level Security (RLS) for Power BI. The Power BI team blog didn’t go into any great detail yet (I’d expect a follow up blog from them later) so I thought I may give you a little more context here.
Power BI uses a role based security model, which means you are defining a role and then assigning users to that role. Within that role you can restrict users from seeing all rows within a table or just specific rows. For example, if I want my Southeast sales team to see only their data then I would create a role that uses a DAX filter on the table that defines the sales regions. This will also filter any other table in your model to only return Southeast sales, so long as your data model has relationships defined between these tables. Check out this video to see how it works.
Row Level Security
Step by Step
- To create on a Power BI Solution you will start by going to the Modeling ribbon and then select Manage Roles.
- This will launch the Manage roles window where you will select Create to add a new role.
- After you give the role a new name you can begin assigning DAX filter expressions to it.
- Click the ellipsis next to the table you would like to apply the filter to and then select Add filter.
- If you select Hide all rows then all rows for this table will be hidden (as the name implies) but if you choose a field you can apply a filter to specific values in the table.
- Once you are happy with your selection hit Save.
- To test the security model go back to the Modeling ribbon and select View As Roles.
- Here you can select the role you want to test and then click OK.
- This will filter the result to only show your selected roles filters.
- To stop impersonating this role you can click Stop Viewing to return to seeing the results without this filter applied.
- The next step is to assign users to the roles, which must be done from the Power BI Service
- That means you must deploy your model to the Power BI Service first. To do that go to the Home ribbon and select Publish.
- Once you’ve published to the service login to Power.com and click on the ellipsis next to the dataset you just deployed. In this menu you will select Security.
- Next, select the role you created and enter the email addresses of the users you would like to have the role assigned to. Click Add after you’ve entered all the users.
- Once you click Save on the bottom your security is ready to go!
- To test it out click the ellipsis next to the role name and select Test as role.
- This will allow you to now view reports while impersonating this newly created role.
I hope you like this new features as much as I do. To learn more about Power BI I recommend viewing my Pragmatic Works On Demand Training course called Power BI Desktop and Dashboards.