Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
paullondon
New Member

Access control using organisation Active Directory

‎03-18-2021 04:51 AM

Hi All,

 

A client would like to control access to Power BI using existing Active Directory Roles within their organisation.

 

For example, they could create roles called bi_sales, bi_operations, bi_management. And then tell Power BI to allow access to content (workspace, reports or dashboards) to specific user roles.  This way they do not have to come into Power Bi and Share with specific people.  The publisher/admin would simply publish a report and configure Power BI to allow access to say bi_operations and bi_management only.

 

Is this possible?

 

I understand we could connect to AD and import all users and groups but that is a solution for RLS more than overall access to the content itself.

 

Apologies if this has been covered before.  I am struggling to get a good steer on how this works.

 

Many thanks,

Paul

 

Labels:
Message 1 of 4
1,998 Views
0
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User

‎03-18-2021 12:15 PM

It is possible, at least partially.

You can use AD distribution lists to grant access to apps, reports and dashboards.

You can also use AD distribution lists to control membership in RLS roles (*).  That allows you to fine tune the access not just on report level  but on individual row level.

 

In addition, OLS (object level security) has been announced recently and might also help you control acces on an intermediate level.

 

* (or use AD controlled reference tables with individual access rights) 

View solution in original post

Message 2 of 4
1,972 Views
3 REPLIES 3
lbendlin
Super User
Super User

‎03-24-2021 04:46 AM

Check RADACAD - they have many articles where this topic is covered.

Message 4 of 4
1,947 Views
0
lbendlin
Super User
Super User

‎03-18-2021 12:15 PM

It is possible, at least partially.

You can use AD distribution lists to grant access to apps, reports and dashboards.

You can also use AD distribution lists to control membership in RLS roles (*).  That allows you to fine tune the access not just on report level  but on individual row level.

 

In addition, OLS (object level security) has been announced recently and might also help you control acces on an intermediate level.

 

* (or use AD controlled reference tables with individual access rights) 

Message 2 of 4
1,973 Views
paullondon
New Member
In response to lbendlin

‎03-24-2021 03:51 AM

Many thanks.  Would you have a link to a Doc on this as I cannoot find such examples within the Microsoft Docs.

Message 3 of 4
1,950 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All