ovonel
Post Prodigy

Is hiding tables enough to prevent access?

I have a typical fact table with dimensions Project, Profit Center, etc.

In a report, I have a table visual that shows individual numbers; and another table shows the department numbers…

It looks something like this:

ovonel_0-1672221542865.png

(Left: personal numbers. Right: department numbers)

My goal is that Tim shouldn’t be able to see someone else’s number, but he definitely can (and should) see the aggregated numbers for his department.

 

I realized that someone accessing from Power BI or Excel can connect to the model and play with the tables, pick another name and see someone else’s number, therefore I have hidden most tables...

But now, I just realized, someone with access can connect from Visual Studio to the SSAS:

ovonel_1-1672221573918.png

The person can open the .bim, unhide all tables, and with the “analyze from Excel” option in VS see any numbers…

Is there any way to avoid/prevent this?

More info:

My model:

ovonel_2-1672221602526.png

(Project table has columns Lead1, Lead2, Lead3, Lead4, Lead5 and Lead6… Engagement Role is just an unpivot of this.)

On my left visual I have:

ovonel_3-1672221622726.png

(triggering a more restrictive access).

My RLS:

ovonel_4-1672221647794.png

1 ACCEPTED SOLUTION
Greg_Deckler
Super User

@ovonel Hiding tables is not a security thing, it is a convenience to make self-service BI a better experience. Hiding tables affords no real security. RLS and OLS are the only real security features. Typically, your type of scenario is done using dynamic RLS where you tie the RLS rules to the user's USERPRINCIPALNAME. The aggregations are stored in a separate table that does not enforce RLS.


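The setup described in the accepted answer, sketched as the `roles` section of a tabular model (.bim). This is an added example, not the poster's model or code from the thread. The role name, the `Employee` table, its `UPN` column and the `Department Totals` table are hypothetical, and it assumes `Employee` filters the fact table through a one-to-many relationship.

```json
{
  "roles": [
    {
      "name": "Report Readers",
      "description": "Hypothetical example role. Assumes Employee[UPN] holds each person's sign-in name and that the pre-aggregated 'Department Totals' table has no relationship to Employee.",
      "modelPermission": "read",
      "tablePermissions": [
        {
          "name": "Employee",
          "filterExpression": "'Employee'[UPN] = USERPRINCIPALNAME()"
        }
      ]
    }
  ]
}
```

The engine evaluates the row filter for every query a role member sends, whichever client is used and whether or not a table is hidden, while `Department Totals` has no `tablePermissions` entry and stays readable in full. Row filters bind members of read roles only; accounts with administrator rights on the database or server are not restricted by them.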
