Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI DataViz World Championships are on! With four chances to enter, you could win a spot in the LIVE Grand Finale in Las Vegas. Show off your skills.

Reply
paullondon
New Member

Access control using organisation Active Directory

‎03-18-2021 04:51 AM

Hi All,

 

A client would like to control access to Power BI using existing Active Directory Roles within their organisation.

 

For example, they could create roles called bi_sales, bi_operations, bi_management. And then tell Power BI to allow access to content (workspace, reports or dashboards) to specific user roles.  This way they do not have to come into Power Bi and Share with specific people.  The publisher/admin would simply publish a report and configure Power BI to allow access to say bi_operations and bi_management only.

 

Is this possible?

 

I understand we could connect to AD and import all users and groups but that is a solution for RLS more than overall access to the content itself.

 

Apologies if this has been covered before.  I am struggling to get a good steer on how this works.

 

Many thanks,

Paul

 

Labels:
Message 1 of 4
2,181 Views
0
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User

‎03-18-2021 12:15 PM

It is possible, at least partially.

You can use AD distribution lists to grant access to apps, reports and dashboards.

You can also use AD distribution lists to control membership in RLS roles (*).  That allows you to fine tune the access not just on report level  but on individual row level.

 

In addition, OLS (object level security) has been announced recently and might also help you control acces on an intermediate level.

 

* (or use AD controlled reference tables with individual access rights) 

View solution in original post

Message 2 of 4
2,155 Views
3 REPLIES 3
lbendlin
Super User
Super User

‎03-24-2021 04:46 AM

Check RADACAD - they have many articles where this topic is covered.

Message 4 of 4
2,130 Views
0
lbendlin
Super User
Super User

‎03-18-2021 12:15 PM

It is possible, at least partially.

You can use AD distribution lists to grant access to apps, reports and dashboards.

You can also use AD distribution lists to control membership in RLS roles (*).  That allows you to fine tune the access not just on report level  but on individual row level.

 

In addition, OLS (object level security) has been announced recently and might also help you control acces on an intermediate level.

 

* (or use AD controlled reference tables with individual access rights) 

Message 2 of 4
2,156 Views
paullondon
New Member
In response to lbendlin

‎03-24-2021 03:51 AM

Many thanks.  Would you have a link to a Doc on this as I cannoot find such examples within the Microsoft Docs.

Message 3 of 4
2,133 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

FebPBI_Carousel

Power BI Monthly Update - February 2025

Check out the February 2025 Power BI update to learn about new features.

Feb2025 NL Carousel

Fabric Community Update - February 2025

Find out what's new and trending in the Fabric community.

View All