Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Atlanta from March 16 - 20, 2026, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM. Register now.

Reply
KevinSnow
Frequent Visitor

Trying to hide PII fields using Object Level Security (OLS). What is the best strategy?

‎08-06-2021 10:33 AM

I need to hide Patient Identifiable Information (PII) fields in a model. I understand I can create a "Hide PII" role and then assign PII fields to be hidden based on that role. You can see the steps I did for that below.

However, that means by default; all users can view PII fields. Is it possible to set the default behavior for PII fields to not be visible? Then you explicitly have to grant users/groups access to view PII fields (POLP).  That, or is there a better strategy out there to do this?

 

Thanks in advance!

 

Step 1) Under Manage roles.  Create a role named "Hide PII"

KevinSnow_0-1628270432195.png

Step 2) In Tabular Editor, under OLS set the value to "None" for the Legal First Name column for the Hide PII role

KevinSnow_1-1628270486917.png

Step 3) Select "View as roles" and select "Hide PII"

KevinSnow_2-1628270572811.png

Step 4) Verify the Legal First Name field is hidden

KevinSnow_3-1628270601135.png

 

 

 

 

Labels:
Message 1 of 3
1,573 Views
0
2 REPLIES 2
v-luwang-msft
Community Support
Community Support

‎08-08-2021 11:13 PM

Hi  @KevinSnow ,

You can not only hide tables and columns but also completely hide the model metadata, so your secured tables and columns are obscured in the field list when using reporting tools like Excel or Power BI. A user without permissions cannot access secured metadata objects via DAX or any other method. To viewers that don’t have the requisite permission, the secured tables or columns simply do not exist.

Please refer to the following blog which explains the relevant steps in detail.

Announcing public preview of Object-Level Security in Power BI | Microsoft Power BI Blog | Microsoft...

 

WIsh it is helpful for you!

 

 

Best Regards

Lucien

Message 2 of 3
1,452 Views
0
KevinSnow
Frequent Visitor
In response to v-luwang-msft

‎08-10-2021 12:01 PM

Hi @v-luwang-msft ,
Thank you for the response. I understand that I can hide tables and fields and their metadata by assigning those users to a role, and then in OLS, set it to None for that role on the table or field in question. In other words, by default, a user could see tables and fields that are meant to be secured. Not until they are assigned to a "Hide" like role would the tables and fields in questions be hidden.

My question is, can we change the default behavior so that secured tables and fields are not visible unless you are assigned to a role with permission to view? In other words, anything that is meant to be secured requires you to be assigned to a role with explicit view permissions before you can view it.

Message 3 of 3
1,436 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All