Skip to main content
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Frequent Visitor

Role security in SSAS tabular model doesn’t have an effect on APP-workspace and BI desktop


I’ve created a SSAS tabular model 1200 where there are two sets of roles;

  1. Administrator and
  2. Financial

For the moment, I only have one user with ‘Read’ permission in the ‘Financial’ role. The user in the Administrator role has “Administrator” permissions.

I’ve created a PBIX report with Power BI Desktop and that report has been published to an APP-workspace ‘Financial report’ on the Power BI Service.

For the APP ‘Financial report’ on the Power BI Service I’ve given access to the app for 10 users within the company’s domain. The one user with the ‘Read’ permission from the tabular model role is also included and I would expect that only that user would be able to access data when logged in on the Power BI Service but all users that have access to the APP can access all data from the Power BI Service. Since I’m using a LIVE connection I would expect that the security settings was based on the tabular model from the Analysis Services Database and not the settings for the APP.

From Power Desktop I’ve also tried to ‘Get data’ from the Analysis Services Database’ for one user that doesn’t have a role permission on the tabular model and that is also possible which I wouldn’t expect.

When I’m using the ‘Analyze in Excel’ function from Visual Studio I can easily see the effect for the settings for the specific role “Financial”. It works as expected and even though I try the same thing for a user without any permissions, the result is as expected; the user cannot get access to the tabular model.

In conclusion; I have only 1 user in my tabular model and that user has been given ‘Read’ permissions and even though I’ve created a PBIX report with LIVE connection and published that to the Power BI Service APP-workspace, it is still possible for other users that has been given access to the APP to see the data.

Why is it that the security settings in tabular model doesn’t have an effect in the APP-workspace?


Power BI Desktop: Version December 2017

Microsoft Visual Studio 2015 Shell (Integrated): Version 14.0.25420.01 Update 3

Compatibility Level: SQL Server 2016 RTM (1200)

DirectQuery Mode: Off


Thanks in advance


Microsoft Employee
Microsoft Employee



What are the permissions you configured for those users in that App Workspace? 



Hi there

Thanks for the reply!


It's a Danish version of PowerBI Service but hope it's good enough.


I've added two members who can edit the content for the app workspace. One of the members are administrator on the tabular model and the second one has a "Read permission" on the tabular model -  but for the app workspace it's only those two members who can edit the content for the app workspace.


Edit app workspace.png 


For the specific App I've given acces to several users but it's only 1 member from the tabular model (Role settings) that have read permission. The other users within the organisation can acces the power bi content from Power BI Services but since the settings in the tabular model with live connection only has 1 administrator user and 1 read user I wouldn't expect that the others users would be able to see the App content even though they have been given acces as shown below for the specific App.

App access members.png 

It might be that I've missed something but since it's a LIVE connection connected to a tabular model I would expect that all the permissions were granted from within the tabular model?


Thanks in advance



Helpful resources

July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.

July Newsletter

Fabric Community Update - July 2024

Find out what's new and trending in the Fabric Community.