Hi everyone,
I am currently developing a PBI report, but some client requests are causing issues. I'll explain the situation:
Basically, we need to count the rows in the fact table, called Table1, which is the main KPI. The fact table contains three main columns: a date column and two others, which we'll call department and assets (both have associated dimension tables).
We need to ensure that members of each department only have access to the data related to their own department.
Obviously, I have implemented RLS (Row-Level Security); however, the problem arises from one of the client's requests. Although, as I mentioned, the data must be filtered by department, they want a median line to be displayed on a column chart. This median line has three conditions:
The main idea is that users from a specific department can compare their own data with the median, but without the ability to see detailed data from other departments.
Initially, I thought giving read access to the report and the semantic model would be sufficient. The idea was the following: I created a copy of the fact table, named Table2, and disconnected this table from the department dimension so that it wouldn’t be affected by RLS. I intended to use Table2 to generate the median line; therefore, users would see the median line while Table1's data would be filtered by RLS, allowing them to see only their own information.
I thought that this approach, along with granting read-only permissions, would ensure the desired conditions and prevent users from accessing information from other departments. However, a few days ago, I came across the following note:
"Granting Read permission without Build permission should not be relied upon to secure sensitive data. Users with Read permission, even without Build permission, are able to access and interact with data in the semantic model."
This comes from a note on Microsoft’s Power BI documentation.
What I understand from this is that users with read permissions can still interact with the data in the semantic model, even without build access. Therefore, in this case, they could access Table2 and potentially see data from other departments.
I have done some verifications, and while I haven’t figured out exactly how to access the information in the semantic model, the note makes it clear that we cannot rely on read permissions as a guaranteed security measure.
I apologize if this explanation is a bit complicated or unclear. Thank you in advance for your understanding!
The standard approach is to carry a second copy of your fact table, with all identifying information removed, and not controlled by RLS. Use that for the median computation.
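A sketch of building that de-identified second table upstream of the model, added here as an example and not taken from the thread. It assumes the median wanted is, per date, the median of the per-department row counts (the thread does not list the median's conditions); the sample rows and the `MIN_DEPARTMENTS` threshold are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample rows standing in for Table1: (date, department, asset).
TABLE1_ROWS = [
    ("2025-01-01", "Finance", "A1"),
    ("2025-01-01", "Finance", "A2"),
    ("2025-01-01", "HR", "A3"),
    ("2025-01-01", "IT", "A4"),
    ("2025-01-01", "IT", "A5"),
    ("2025-01-01", "IT", "A6"),
    ("2025-01-02", "Finance", "A1"),
    ("2025-01-02", "HR", "A3"),
    ("2025-01-02", "HR", "A7"),
]

# Assumed threshold: with fewer departments, a user who knows their own count
# can work out another department's count from the median.
MIN_DEPARTMENTS = 3


def build_median_table(rows, min_departments=MIN_DEPARTMENTS):
    """Return [(date, median_count)] with no department or asset columns."""
    counts = defaultdict(Counter)  # date -> {department: row count}
    for date, department, _asset in rows:
        counts[date][department] += 1

    table = []
    for date in sorted(counts):
        per_department = counts[date].values()
        if len(per_department) < min_departments:
            continue  # suppress the median rather than publish a leaky value
        table.append((date, median(per_department)))
    return table


if __name__ == "__main__":
    for row in build_median_table(TABLE1_ROWS):
        print(row)
```

Because the output carries only a date and one aggregate, a user who reaches this table in the semantic model sees nothing beyond what the median line on the chart already shows.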