by Guillermo Julca (Yemo) The Marketing Advantage, Inc @2017
Row-level security (RLS) with Power BI • Can be used to restrict data access for given users. • Filters restrict data at the row level. • We can define filters within roles. • We can configure RLS for data models imported into Power BI
with Power BI Desktop. • We can also configure RLS on datasets that are using DirectQuery, such as SQL Server. • We can define roles and rules within Power BI Desktop. • When we publish to Power BI, it will also publish the role definitions.
Limitations • If you previously had roles/rules defined within the Power BI
service, you will need to recreate them within Power BI Desktop.
• You can define RLS only on the datasets created using Power BI
Desktop client. If you want to enable RLS for datasets created with Excel, you will need to convert your files into PBIX files first.
• Only ETL, and DirectQuery connections are supported. Live
connections to Analysis Services are handled in the on-premises model.
Limitations (cont’d) • Q&A and Cortana is not supported with RLS at this time. • External sharing is not currently supported with datasets
that use RLS.
• For any given model, the maximum number of Azure AD
principals (i.e. individual users or security groups) that can be assigned to security roles is 1,000. To assign large numbers of users to roles, be sure to assign security groups, rather than individual users.
Published on Sep 14, 2017