Skip to main content

Power BI

Under Review

Security - Ability to maintain source security for reports published on BI Sites

Vote (1710) Share
Ramu Kodemala's profile image

Ramu Kodemala on 03 Mar 2015 07:53:46

The general requirement is that visualizations (Power View, SSRS etc...) must not circumvent existing policies, or introduce yet another set of security policies on top of those already implemented at the source.

* For example, a visualization of sales data needs to reflect the policy that account managers can only read sales data for their region.
* For performance reasons, this is enforced at the source by injecting predicates into the query based on the end users identity. If identities for end users are not passed down the process chain into the data layer, it leaves us little option but to publish individual reports for every region, which results in an explosion of complexity and numbers of reports, or move the whole model to BISM and manage the policy in yet another place (namely the BISM model).

Impact
blocking migration to SPO/BI Sites. At least 412 Site Collections with more than 600 Power Views. Impacting Adoption or migration for majority of BPUs - e.g. Finance, LCA, HR, etc

Administrator on 16 Aug 2020 02:15:30

Hey all! We've continued to make progress here, so I wanted to update this thread with our current capabilities for maintaining security on dashboards/reports. As always, all of this information can be found in our Row-Level Security (RLS)documentation: https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/ > If you have set up RLS in Analysis Services, Power BI will send the signed-in user's credentials to Analysis Services, and respect the RLS rules set up on the on-premises model. > Separately, you can set up RLS in Power BI for data sources that you import or connect to via DirectQuery. This process starts in PBI Desktop, where you define roles, and write DAX to constrain what data these roles can see. As part of this process, can you use the UserPrincipalName () DAX function to get the current signed in user's UPN (e.g. joe@contoso.com). Then, once you publish to service, you can assign users to these roles. Does the above meet your requirements? Please let us know via comments or e-mail. Those of you who requested that the identity of the signed in Power BI user be pass through to Azure SQL, SQL DB, DWH, etc.: we hear you - that is under consideration. Thanks, -Sirui

Comments (143)
Ramu Kodemala's profile image Profile Picture

5fee799d 7131-4dbb-8468-27a1f51879df on 16 Aug 2020 03:52:42

RE: Security - Ability to maintain source security for reports published on BI Sites

Still looking to see if there is a general solution for this without SSAS. This is crucial to implementation and may ultimately be the deal breaker that moves us to another platform.

Ramu Kodemala's profile image Profile Picture

e5081565 1ae5-4bcd-9d84-1fed81517315 on 16 Aug 2020 03:52:42

RE: Security - Ability to maintain source security for reports published on BI Sites

How do we Implement Row Level Security???
In an Organizational Hierarchy?
Do Power BI Provide any Solution For it.

Ramu Kodemala's profile image Profile Picture

8901387b ecef-463c-9c3b-3eaf3ffb1873 on 16 Aug 2020 03:52:41

RE: Security - Ability to maintain source security for reports published on BI Sites

Very much needed feature. Without this you cannot productize metrics. A deal breaker.

Ramu Kodemala's profile image Profile Picture

431581a6 37a5-4ca4-bafe-46baf59d7e7a on 16 Aug 2020 03:52:41

RE: Security - Ability to maintain source security for reports published on BI Sites

I just quickly tested the row-level security and it works great. I will do more testing and provide our feedback. Thank you so much Power BI team !!.

Ramu Kodemala's profile image Profile Picture

448c88d3 2ea6-4aee-bd4b-a133737c0264 on 16 Aug 2020 03:52:41

RE: Security - Ability to maintain source security for reports published on BI Sites

'@marcelo, I can not repro the first issue you reported. Can you please file a ticket at https://support.powerbi.com by clicking on "Contact support" for better assistance? And yes, we are actively working on #2.

Ramu Kodemala's profile image Profile Picture

e74603d6 5062-4f21-b3ba-6f4362dae362 on 16 Aug 2020 03:52:41

RE: Security - Ability to maintain source security for reports published on BI Sites

Most certainly, passing the identity from power BI web to a backend is a necessity!

Ramu Kodemala's profile image Profile Picture

c935c59d 6f0e-48ab-b20f-c46403545b3e on 16 Aug 2020 03:52:40

RE: Security - Ability to maintain source security for reports published on BI Sites

Two issues:
1. The security option does not show in portuguese version.
2. We need to be able to upload and updated file from PBI Desktop without having to redo the RLS.

Ramu Kodemala's profile image Profile Picture

8b8ec8ed ae05-4eed-9986-0c3da7119117 on 16 Aug 2020 03:52:39

RE: Security - Ability to maintain source security for reports published on BI Sites

This will increase user adoption. Very few people will go through all the steps necessary to create personalized filtered reports/dashboards. We need the ability to distribute corporate reports without 2 pages of instructions on how to personalize them.

Ramu Kodemala's profile image Profile Picture

74b6e4e4 ceb3-4b65-8eb9-db8f360b9d79 on 16 Aug 2020 03:52:39

RE: Security - Ability to maintain source security for reports published on BI Sites

Saw it in action, it's exactly what we needed.

Ramu Kodemala's profile image Profile Picture

b7e0968f 1338-e811-a971-000d3a1ab58c on 16 Aug 2020 03:52:39

RE: Security - Ability to maintain source security for reports published on BI Sites

'+1 for the ETA Please as this is preventing us from starting a major project and also because I used THREE whole votes :D