Skip to main content

Power BI

Under Review

Security - Ability to maintain source security for reports published on BI Sites

Vote (1710) Share
Ramu Kodemala's profile image

Ramu Kodemala on 03 Mar 2015 07:53:46

The general requirement is that visualizations (Power View, SSRS etc...) must not circumvent existing policies, or introduce yet another set of security policies on top of those already implemented at the source.

* For example, a visualization of sales data needs to reflect the policy that account managers can only read sales data for their region.
* For performance reasons, this is enforced at the source by injecting predicates into the query based on the end users identity. If identities for end users are not passed down the process chain into the data layer, it leaves us little option but to publish individual reports for every region, which results in an explosion of complexity and numbers of reports, or move the whole model to BISM and manage the policy in yet another place (namely the BISM model).

Impact
blocking migration to SPO/BI Sites. At least 412 Site Collections with more than 600 Power Views. Impacting Adoption or migration for majority of BPUs - e.g. Finance, LCA, HR, etc

Administrator on 16 Aug 2020 02:15:30

Hey all! We've continued to make progress here, so I wanted to update this thread with our current capabilities for maintaining security on dashboards/reports. As always, all of this information can be found in our Row-Level Security (RLS)documentation: https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/ > If you have set up RLS in Analysis Services, Power BI will send the signed-in user's credentials to Analysis Services, and respect the RLS rules set up on the on-premises model. > Separately, you can set up RLS in Power BI for data sources that you import or connect to via DirectQuery. This process starts in PBI Desktop, where you define roles, and write DAX to constrain what data these roles can see. As part of this process, can you use the UserPrincipalName () DAX function to get the current signed in user's UPN (e.g. joe@contoso.com). Then, once you publish to service, you can assign users to these roles. Does the above meet your requirements? Please let us know via comments or e-mail. Those of you who requested that the identity of the signed in Power BI user be pass through to Azure SQL, SQL DB, DWH, etc.: we hear you - that is under consideration. Thanks, -Sirui

Comments (143)
Ramu Kodemala's profile image Profile Picture

f69a8a55 1545-4a29-932b-f9e8623cb810 on 16 Aug 2020 03:51:40

RE: Security - Ability to maintain source security for reports published on BI Sites

Any update on the status of this? This is a must have feature for Power BI to deploy directly and not to have to have Analysis Services Tabular model

Ramu Kodemala's profile image Profile Picture

7a95bad8 0d72-4292-883c-8e17ec0e51da on 16 Aug 2020 03:51:36

RE: Security - Ability to maintain source security for reports published on BI Sites

Agreed! This is definitely needed

Ramu Kodemala's profile image Profile Picture

e89d64d3 fb52-4fb5-9c57-63c650c399d1 on 16 Aug 2020 03:51:34

RE: Security - Ability to maintain source security for reports published on BI Sites

How to control the data accessing by user wise, if my data is from text/excel or some other non-Microsoft data sources.

Ramu Kodemala's profile image Profile Picture

52199c32 316d-43e5-9af8-1a78078ef3d8 on 16 Aug 2020 03:51:33

RE: Security - Ability to maintain source security for reports published on BI Sites

yes, this is vital for sharing data within the business

Ramu Kodemala's profile image Profile Picture

fcce559a 1f75-49f8-82bd-de40d6bbe0e8 on 16 Aug 2020 03:51:33

RE: Security - Ability to maintain source security for reports published on BI Sites

it will very useful we if get the Row based security with in the Power BI

Ramu Kodemala's profile image Profile Picture

60ab9a8b 3c26-466c-9a75-8efcbc5fd8e8 on 16 Aug 2020 03:51:29

RE: Security - Ability to maintain source security for reports published on BI Sites

Please, we need to manage security in the report itself. Inside a data model, define row security per user.

Ramu Kodemala's profile image Profile Picture

a47916d3 fc67-4d82-83a3-c3887f05315a on 16 Aug 2020 03:51:18

RE: Security - Ability to maintain source security for reports published on BI Sites

Yup, its must for businesses to make full use of Power BI.

Ramu Kodemala's profile image Profile Picture

51d2584d 0800-4cf3-a5bc-f5352ab238df on 16 Aug 2020 03:51:17

RE: Security - Ability to maintain source security for reports published on BI Sites

Any update on adding role based security in PowerBI?

Ramu Kodemala's profile image Profile Picture

420143fe 989d-4604-914e-2bf52ac48387 on 16 Aug 2020 03:51:16

RE: Security - Ability to maintain source security for reports published on BI Sites

This is one of those "deal-breaker" kind of features that will determine whether one can use Power BI or not. Absolutely has to be on the immediate roadmap for Power BI.

Ramu Kodemala's profile image Profile Picture

420143fe 989d-4604-914e-2bf52ac48387 on 16 Aug 2020 03:51:16

RE: Security - Ability to maintain source security for reports published on BI Sites

This is one of those "deal-breaker" kind of features that will determine whether one can use Power BI or not. Absolutely has to be on the immediate roadmap for Power BI.