Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
POSPOS
Post Partisan
Post Partisan

How to implement object level security which will also be applied on personalize visual

‎11-06-2025 01:37 PM

Hi All,

I have a reqiuirement to implement page level security and object level security and also enable "personalise this visual" feature. I implemented page level security + personalise this feature using perspectives in TMDL, that is , if a user logs in , they see the page they have access to and when they click on "personalise this visual", they will see only the table relevant to that page. This works fine.

 

Now my requirement is to implement obj level security, eg we need to hide an object based on user login, and the same object should also be hidden from the table when user clicks on "personlise this visual".

Note: I cannot use Tabular Editor.

Can someone suggest how this can be achieved?

Thank you.

Labels:
Message 1 of 8
511 Views
0
1 ACCEPTED SOLUTION
Zanqueta
Solution Sage
Solution Sage
In response to POSPOS

‎11-07-2025 07:53 AM

Hi @POSPOS, thank you for you feedback.

Unfortunately, OLS does this with objects. I always think of it in the context of data consumption via dataset, connecting an Excel file, for example. In a single pbix file, what I would suggest in your case is:

1) Hide the column or entire salary table from all users.

2) Have a metric in DAX that calculates the salary but within it a variable that allows a certain group to see or not see the value.

 

.UserPermissionSalary = 
var us = USERPRINCIPALNAME()
return
LOOKUPVALUE(dim_PermissionSalary[mail],dim_PermissionSalary[mail],us,BLANK())

 

TheSalary = 
var salary = SUM(Salary[Salary])
var alowed = [.UserPermissionSalary]
RETURN
IF(ISBLANK([.UserPermissionSalary]),BLANK(),salary)

 

I made a sample file. I hope it helps.

 

If it works, please give me a KUDO and mark the solution as the answer to help other users.

User04.png

User01.png

zanqueta001_0-1762531080960.png


Pbix File: https://drive.google.com/file/d/1Xbnce-WL2qg1O4SQZHU6xGI0tkOizyfU/view?usp=sharing

View solution in original post

Message 5 of 8
395 Views
0
7 REPLIES 7
v-sshirivolu
Community Support
Community Support

‎11-09-2025 09:39 PM

Hi @POSPOS ,

I would also take a moment to thank @Zanqueta , for actively participating in the community forum and for the solutions you’ve been sharing in the community forum. Your contributions make a real difference.
 

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions

 

Message 8 of 8
321 Views
0
Zanqueta
Solution Sage
Solution Sage

‎11-07-2025 03:27 AM

Hello @POSPOS,

Since Tabular Editor is not an option, the best route is to continue using TMDL (Tabular Model Definition Language), which allows you to define:

Perspectives = control what appears in the UI (including “Personalise this visual”).
DAX Roles = control access to objects (Object Level Security - OLS).

Steps to Implement Object-Level Security with TMDL

  1. reate roles using DAX in your TMDL file:
     
    {
  "name": "SalesManager",
  "expression": "USERPRINCIPALNAME() = \"sales.manager@company.com\""
}
  2. Define object visibility (columns, measures) per role: In TMDL, you can use the isHidden property within the table or measure definition, combined with objectLevelSecurity.
    Example:
     
     
{
  "name": "Revenue",
  "isHidden": true,
  "objectLevelSecurity": {
    "SalesManager": "None"
  }
}

This hides the Revenue measure for users not in the SalesManager role.


Update Perspectives: Ensure that the perspective used for each page excludes objects that should be hidden for certain users.

Important Notes

  • OLS does not prevent data loading, it only hides objects from the model.
  • Combining perspectives + OLS ensures that the user:
    • Only sees allowed objects in the UI.
    • Cannot access hidden objects via DAX or “Personalise this visual”.

 

Official References

If this answer solved your issue, please mark it as correct to help other community members.

Message 3 of 8
417 Views
0
POSPOS
Post Partisan
Post Partisan
In response to Zanqueta

‎11-07-2025 06:36 AM

@Zanqueta  - Thank you for your response.

I tried to implement object level security using TMDL. 

1) Eg: I applied the security on the field "Salary". so anyone who is assigned to the RLS, should not be seeing Salary. with this approach all the visuals that has salary field is breaking. The expectation is that they should be seeing other field and only Salary field should be hidden.

2)Ensure that the perspective used for each page excludes objects that should be hidden for certain users. -- Can you please let me know how this can be done?

I have a page and I will be assigned two groups of users to this page. First group who should be seeing salary and second group who should not see salary. How can we dynamically control this?

Message 4 of 8
406 Views
0
Zanqueta
Solution Sage
Solution Sage
In response to POSPOS

‎11-07-2025 07:53 AM

Hi @POSPOS, thank you for you feedback.

Unfortunately, OLS does this with objects. I always think of it in the context of data consumption via dataset, connecting an Excel file, for example. In a single pbix file, what I would suggest in your case is:

1) Hide the column or entire salary table from all users.

2) Have a metric in DAX that calculates the salary but within it a variable that allows a certain group to see or not see the value.

 

.UserPermissionSalary = 
var us = USERPRINCIPALNAME()
return
LOOKUPVALUE(dim_PermissionSalary[mail],dim_PermissionSalary[mail],us,BLANK())

 

TheSalary = 
var salary = SUM(Salary[Salary])
var alowed = [.UserPermissionSalary]
RETURN
IF(ISBLANK([.UserPermissionSalary]),BLANK(),salary)

 

I made a sample file. I hope it helps.

 

If it works, please give me a KUDO and mark the solution as the answer to help other users.

User04.png

User01.png

zanqueta001_0-1762531080960.png


Pbix File: https://drive.google.com/file/d/1Xbnce-WL2qg1O4SQZHU6xGI0tkOizyfU/view?usp=sharing

Message 5 of 8
396 Views
0
POSPOS
Post Partisan
Post Partisan
In response to Zanqueta

‎11-07-2025 09:04 AM

@Zanqueta  - Thanks for the details steps.

Below are the RLS I have created. Now, each of the RLS has a different security check.. And many user groups are assigned to each of these roles.. Out of the list, my requirement is to hide the salary info to the users that are assigned to RLS_FM(from below screenshot).

RLS_FM has access to Page 1 and RLS_GM also has access to Page 1 of the dashboard. Here, I want users assigned to RLS_FM to have access to Salary and RLS_GM should not see salary.. 

Also, RLS_FM should see salary from "personalise this visual" and RLS_GM should not see it.

Can you suggest how this will work with the measure.

 

Also, in future we may have requirement to hide dimnesions as well, eg: Date of Birth, can this be achieved as well with measure. Please suggest.

 

 

POSPOS_0-1762534782577.png

 

Thank you.

 

Message 6 of 8
386 Views
0
Zanqueta
Solution Sage
Solution Sage
In response to POSPOS

‎11-07-2025 09:35 AM

Hi @POSPOS,

I think we are mixing concepts here. RLS with OLS. PowerBI does not currently control access by pages. One option is to think of a metric that makes navigation based on user control. But again, this does not guarantee restriction, it is just a way to guide user navigation.
To control who should or should not see salaries, simply enter those who can see the metric in an auxiliary table, as I sent in the template file. This was the best solution I found.
If your control is too complex to go beyond restricting salaries, I suggest you follow @lbendlin  suggestion and separate semantic models for different audiences.

 

Message 7 of 8
376 Views
lbendlin
Super User
Super User

‎11-06-2025 03:51 PM

Page Level Security does not exist.

 

The better alternative to OLS is to use separate semantic models for different audiences.

Message 2 of 8
459 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All