Skip to main content
Microsoft Idea

    Power BI

    Under Review

    Security - Ability to maintain source security for reports published on BI Sites

    Vote (1829) Share
    Ramu Kodemala's profile image

    Ramu Kodemala on 03 Mar 2015 07:53:46

    The general requirement is that visualizations (Power View, SSRS etc...) must not circumvent existing policies, or introduce yet another set of security policies on top of those already implemented at the source.

    * For example, a visualization of sales data needs to reflect the policy that account managers can only read sales data for their region.
    * For performance reasons, this is enforced at the source by injecting predicates into the query based on the end users identity. If identities for end users are not passed down the process chain into the data layer, it leaves us little option but to publish individual reports for every region, which results in an explosion of complexity and numbers of reports, or move the whole model to BISM and manage the policy in yet another place (namely the BISM model).

    Impact
    blocking migration to SPO/BI Sites. At least 412 Site Collections with more than 600 Power Views. Impacting Adoption or migration for majority of BPUs - e.g. Finance, LCA, HR, etc

    Administrator on 16 Aug 2020 02:15:30

    Hey all! We've continued to make progress here, so I wanted to update this thread with our current capabilities for maintaining security on dashboards/reports. As always, all of this information can be found in our Row-Level Security (RLS)documentation: https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/ > If you have set up RLS in Analysis Services, Power BI will send the signed-in user's credentials to Analysis Services, and respect the RLS rules set up on the on-premises model. > Separately, you can set up RLS in Power BI for data sources that you import or connect to via DirectQuery. This process starts in PBI Desktop, where you define roles, and write DAX to constrain what data these roles can see. As part of this process, can you use the UserPrincipalName () DAX function to get the current signed in user's UPN (e.g. joe@contoso.com). Then, once you publish to service, you can assign users to these roles. Does the above meet your requirements? Please let us know via comments or e-mail. Those of you who requested that the identity of the signed in Power BI user be pass through to Azure SQL, SQL DB, DWH, etc.: we hear you - that is under consideration. Thanks, -Sirui

    Comments (145)
    Ramu Kodemala's profile image Profile Picture

    Power BI User on 16 Aug 2020 03:48:15

    RE: Security - Ability to maintain source security for reports published on BI Sites

    Any update on adding role based security in PowerBI?

    Ramu Kodemala's profile image Profile Picture

    Dat AU DUONG on 16 Aug 2020 03:48:15

    RE: Security - Ability to maintain source security for reports published on BI Sites

    Am I understand this correctly that, it is an ability to link Logged in User to the Rows Level Data that the User Can see ? That's what I want to do now.

    Ramu Kodemala's profile image Profile Picture

    Dat AU DUONG on 16 Aug 2020 03:48:15

    RE: Security - Ability to maintain source security for reports published on BI Sites

    We have 1 common data source where we want to be able to show certain data based who is viewing the report, is this currently possible to do ?

    Ramu Kodemala's profile image Profile Picture

    Giuseppe Sica on 16 Aug 2020 03:48:15

    RE: Security - Ability to maintain source security for reports published on BI Sites

    It 's too important PowerBi has its own management system for row level security.
    This will give access to PowerBi to companies that can not buy SQL Server Enterprise.

    Ramu Kodemala's profile image Profile Picture

    Chris Utter on 16 Aug 2020 03:48:14

    RE: Security - Ability to maintain source security for reports published on BI Sites

    On August 19th, 2015 MS announced GA of Row-Level security in SQL Azure Database. See https://msdn.microsoft.com/library/dn765131.aspx for more information

    Ramu Kodemala's profile image Profile Picture

    Power BI User on 16 Aug 2020 03:48:14

    RE: Security - Ability to maintain source security for reports published on BI Sites

    This feature should be implemented and rolled out at the earliest.

    Ramu Kodemala's profile image Profile Picture

    Kirk Potter on 16 Aug 2020 03:48:14

    RE: Security - Ability to maintain source security for reports published on BI Sites

    DAX has a USERNAME () function which may help

    Ramu Kodemala's profile image Profile Picture

    vivek bheda on 16 Aug 2020 03:48:13

    RE: Security - Ability to maintain source security for reports published on BI Sites

    Please add this functionality as there is always requirement for sales firm to show saleperson user their own data when they logged in to office 365 tenat.


    We should be able to write a query that allow us to filter data with the current user logged in

    Ramu Kodemala's profile image Profile Picture

    Barak Nahari on 16 Aug 2020 03:48:13

    RE: Security - Ability to maintain source security for reports published on BI Sites

    I have role in tabular model
    but in power bi site it's not working

    in bi desktop it work great

    somebody can explain

    Ramu Kodemala's profile image Profile Picture

    Power BI User on 16 Aug 2020 03:48:12

    RE: Security - Ability to maintain source security for reports published on BI Sites

    If we were to dynamically display/secure data, it would be interesting to have the current user logged in expose to the interface