Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
Hello,
I'm working on new implementation of PowerBI Service within the company. I would like to ask your advice on how to structure workspaces / datasets for best future extendability having in mind data security.
Company is split into a few departments and each is split into teams.
Projects are assigned to a department level.
Each project has one or more project managers.
There is one workspace where I ingress data from API and transform it.
I created another workspace where I plan to keep some generic datasets.
I created a dataset of employees declarations (work time). The requirement is that top management and some other people should be able to see entire dataset, heads of departments should see only declarations related to department's projects and project manager to see only declarations related to his project. Here is the data model:
Initialy I wanted to have one workspace per department and find a way to create subset of data for each department only. But, I did not find an easy way to filter data into smaller chunks without creating separate data models for each department:
Dataflows -> Generic data model -> Filtered dataset for each department.
Is Row Level Security a way to go here? I plan to create a "security table" with project ids and ids of people with permit to see declarations assigned to a given project. How would that scale if I would like to re-use this dataset for other reports in other workspaces?
Solved! Go to Solution.
@JanKral I would say that RLS is the way to go here and enable datasets to be used cross workspaces. The other route to go would be to create a composite model for each department that leveraged DirectQuery for Power BI Datasets and filtered thing down to the department. But, that wouldn't be true security because they could change the filter and get around it.
@JanKral I would say that RLS is the way to go here and enable datasets to be used cross workspaces. The other route to go would be to create a composite model for each department that leveraged DirectQuery for Power BI Datasets and filtered thing down to the department. But, that wouldn't be true security because they could change the filter and get around it.
Thank you very much. I think I'll go ahead with this solution for now.
For my future reference, is there a way to "push" a dataset into a workspace? So that I could filter / modify data in one workspace and then share it with a team?
Or, is there a way to define RLS per-workspace?