Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
edwardrmiles
Helper III
Helper III

How do you avoid exposing data that's sensitive when personally identifiable?

‎09-15-2016 08:18 AM

I'm interested to hear any approaches I can use to avoid exposing data that's sensitive when personally identifiable but analytically interesting when aggregated

 

It's easy enough to remove or mask user names etc. but when you start applying filters on a set of data it's easy to imagine scenarios problems.  For example, say I have HR data with an Average Pay measure, and I add a filter for Department and Role. If there are any roles in a given department being performed by one employee (quite a common scenario) then the Average Pay measure is in fact that individuals pay, and that exposes sensitive data.

 

Thus far the only solution I have come up with is to add a condition in a measure that returns blank if disticnt count of masked user identifiers is below a threshold (and hiding from report view the column). Something like this:

 

Average Pay:= IF( DISTINCTCOUNT([MaskedUserId]) < 10, BLANK(), AVERAGE('HrData'[Pay]) )

 

Does anyone have a more elegant / comprehensive solution? In particular this only works where users aren't allowed to edit the report

 

Thanks!

 

 

Labels:
Message 1 of 2
1,077 Views
0
1 REPLY 1
v-haibl-msft
Microsoft Employee
Microsoft Employee

‎09-15-2016 08:40 PM

@edwardrmiles

 

I think you can also try to use Row-level security (RLS). Just give a simple sample as below.

Assuming we have a similar table like below. We can create a calculated column to get the role count in one department.

RoleCount_Per_Depart = 
CALCULATE ( COUNTROWS ( Table1 ), ALLEXCEPT ( Table1, Table1[Department] ) )

How do you avoid exposing data that's sensitive when personally identifiable_1.jpg

 

Then we can create a non-admin role which can only see the data that belong to those departments which have more than 1 employee.

How do you avoid exposing data that's sensitive when personally identifiable_2.jpg

 

After publish to PBI Service, we can configure RLS to include ordinary employee into the Non-Admin group. Then employees in this group will not be able to see the data that belong to those departments which have only 1 employee.

How do you avoid exposing data that's sensitive when personally identifiable_4.jpg

How do you avoid exposing data that's sensitive when personally identifiable_5.jpg

 

Best Regards,

Herbert

Message 2 of 2
1,043 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All