Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Fabric Ideas just got better! New features, better search, and direct team engagement. Learn more

RAMUK1

Security - Ability to maintain source security for reports published on BI Sites

Submitted by on ‎03-02-2015 11:53 PM
The general requirement is that visualizations (Power View, SSRS etc...) must not circumvent existing policies, or introduce yet another set of security policies on top of those already implemented at the source. * For example, a visualization of sales data needs to reflect the policy that account managers can only read sales data for their region. * For performance reasons, this is enforced at the source by injecting predicates into the query based on the end users identity. If identities for end users are not passed down the process chain into the data layer, it leaves us little option but to publish individual reports for every region, which results in an explosion of complexity and numbers of reports, or move the whole model to BISM and manage the policy in yet another place (namely the BISM model). Impact blocking migration to SPO/BI Sites. At least 412 Site Collections with more than 600 Power Views. Impacting Adoption or migration for majority of BPUs - e.g. Finance, LCA, HR, etc
Status: Under Review
See more ideas labeled with:
146 Comments (146 New)
Comments
nishalit
New Member
‎08-15-2020 07:15 PM
Hey all! We've continued to make progress here, so I wanted to update this thread with our current capabilities for maintaining security on dashboards/reports. As always, all of this information can be found in our Row-Level Security (RLS)documentation: https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/ > If you have set up RLS in Analysis Services, Power BI will send the signed-in user's credentials to Analysis Services, and respect the RLS rules set up on the on-premises model. > Separately, you can set up RLS in Power BI for data sources that you import or connect to via DirectQuery. This process starts in PBI Desktop, where you define roles, and write DAX to constrain what data these roles can see. As part of this process, can you use the UserPrincipalName () DAX function to get the current signed in user's UPN (e.g. joe@contoso.com). Then, once you publish to service, you can assign users to these roles. Does the above meet your requirements? Please let us know via comments or e-mail. Those of you who requested that the identity of the signed in Power BI user be pass through to Azure SQL, SQL DB, DWH, etc.: we hear you - that is under consideration. Thanks, -Sirui
Rory3
New Member
‎08-15-2020 07:17 PM
Adding row-level security within Power BI would be fantastic. At the moment dax rules could be applied via ssms locally to the designer file. Do these carry over when the designer file is loaded? Even if that was supported it would be something.
derksl
New Member
‎08-15-2020 07:17 PM
I would also love to see row-level security within Power BI. I'm used to creating row/role based security in a tabular model.
derksl
New Member
‎08-15-2020 07:23 PM
I would also love to see row-level security within Power BI. I'm used to creating row/role based security in a tabular model.
Rory3
New Member
‎08-15-2020 07:23 PM
Adding row-level security within Power BI would be fantastic. At the moment dax rules could be applied via ssms locally to the designer file. Do these carry over when the designer file is loaded? Even if that was supported it would be something.
balsamoma
Microsoft Employee
Microsoft Employee
‎08-15-2020 08:41 PM
'This issue applies to Power BI Preview as well for all data sources that support row level security including: - SQL Server DB - SQL Azure - SSAS MDX
Rory3
New Member
‎08-15-2020 08:41 PM
Adding row-level security within Power BI would be fantastic. At the moment dax rules could be applied via ssms locally to the designer file. Do these carry over when the designer file is loaded? Even if that was supported it would be something.
derksl
New Member
‎08-15-2020 08:41 PM
I would also love to see row-level security within Power BI. I'm used to creating row/role based security in a tabular model.
dhartshorn
New Member
‎08-15-2020 08:41 PM
Yes but this eliminates much of the usefulness in regulated environments such as HIPPA and others. It makes this almost useless in any areas with regulation. It can be optional for only those that really need it.
chris_utter
New Member
‎08-15-2020 08:42 PM
On August 19th, 2015 MS announced GA of Row-Level security in SQL Azure Database. See https://msdn.microsoft.com/library/dn765131.aspx for more information