Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
Viktorija07
New Member

Power BI security levels

‎04-08-2024 05:53 AM

In a past few weeks I have been learning about Power BI Security, and now I am so confused.

We have Azure security with many informations: https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/power-bi-security-baseline

 

Then we have the security in Power BI:
Row-level security and object- level security which I can unserstand (I've watched some Youtube detailed courses about those).

 

But do we have some other securities, and if we do can someone explain it a little bit more because I am confused on how many layers of security do we have? Am I missing some security component?

 

Please don't share Microsoft Learning page because it doesn't help me a lot, thank you.

Labels:
Message 1 of 4
1,274 Views
0
1 ACCEPTED SOLUTION
Brunner_BI
Super User
Super User

‎04-08-2024 06:36 AM

I can explain some basics regarding Power BI.

 

All local Power BI files are secured on those clients obviously.

 

When you upload a file to the Power BI Service (app.powerbi.com) - the reports and semantic models will live in a workspace. A workspace is like a folder where you can apply permissions to access.

 

You can also build apps (mostly used for distributing reports with a big audience) or even share reports and models individually (without granting workspace level permission).

 

All of the mentioned above I would call security on an artifact level (either you have access or you dont)

 

Then we also have more granular security e.g. row-level security.

Even though 100 people have access to a report, app or a model, they might not be allowed to see all data. This is where we can apply RLS (row-level security).

You can build these RLS roles in Power BI Desktop and then assign users or Entra groups to these roles. 

E.g. Region = "West" so that some people only see data for this region.

 

Object-level security is when you want to hide one KPI e.g. inside a visual - it is not used as much as RLS.

 

Let me know if that helps you understand a little better how it works in Power BI.

------------------------------------
Brunner BI focusing on Microsoft Power BI development and consulting
Developers of external tool "Measure Killer"
My blog

View solution in original post

Message 2 of 4
1,253 Views
3 REPLIES 3
Brunner_BI
Super User
Super User

‎04-08-2024 06:36 AM

I can explain some basics regarding Power BI.

 

All local Power BI files are secured on those clients obviously.

 

When you upload a file to the Power BI Service (app.powerbi.com) - the reports and semantic models will live in a workspace. A workspace is like a folder where you can apply permissions to access.

 

You can also build apps (mostly used for distributing reports with a big audience) or even share reports and models individually (without granting workspace level permission).

 

All of the mentioned above I would call security on an artifact level (either you have access or you dont)

 

Then we also have more granular security e.g. row-level security.

Even though 100 people have access to a report, app or a model, they might not be allowed to see all data. This is where we can apply RLS (row-level security).

You can build these RLS roles in Power BI Desktop and then assign users or Entra groups to these roles. 

E.g. Region = "West" so that some people only see data for this region.

 

Object-level security is when you want to hide one KPI e.g. inside a visual - it is not used as much as RLS.

 

Let me know if that helps you understand a little better how it works in Power BI.

------------------------------------
Brunner BI focusing on Microsoft Power BI development and consulting
Developers of external tool "Measure Killer"
My blog
Message 2 of 4
1,254 Views
Viktorija07
New Member
In response to Brunner_BI

‎04-08-2024 11:56 PM

It helps me understand it better.

When you said: "You can also build apps (mostly used for distributing reports with a big audience)" you mean PowerApps app?

User needs to have Power BI license to see workspace/reports/models if I shared those with them?

Do you know if I use something in Power BI that is from ERP (Dynamics 365 F&O), does the user need license for both Power BI and ERP? Can they have only Power BI license to see workspace, models and reports?

Message 3 of 4
1,216 Views
0
Brunner_BI
Super User
Super User
In response to Viktorija07

‎04-09-2024 03:31 AM

By apps I mean an app inside Power BI which is one or a collection of reports.

You can see it on the left in the main navigation when you are in the Power BI Service.

Every user who wants to consume or is being shared something needs a license - unless you buy a Premium Capacity which is expensive.

Only if you have Office 365 E5 the Power BI Pro license is included.

If a user has no license they can only see their "My workspace"

------------------------------------
Brunner BI focusing on Microsoft Power BI development and consulting
Developers of external tool "Measure Killer"
My blog
Message 4 of 4
1,208 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All