Row-level security in Power BI

To ensure that data in Power BI reports do not fall into the wrong hands, it is possible to apply Row-Level Security (RLS) to any report within a workspace. This ensures that for each recipient of the report a difference can be made in what data they can see. It is important that the setup is done accurately and that the members of a workspace are assigned the right role to prevent them from seeing too much information, for example. This RLS layout of the online workspaces in Power BI has changed in the last few months. In this blog, we explain what to pay attention to when setting up a new workspace and setting up the renewed RLS in Power BI.

RLS in Power BI in practice

A good example of the application of RLS is in a multi-branch store chain, where each branch manager is responsible for his own store.  Each branch manager is only allowed to see the figures of his own store. Because of RLS it is no longer necessary to create a separate report for each store manager.

RLS for published dashboards is set up in Power BI Desktop under the Modeling tab. For each role, the report must indicate which tables are to be filtered. Different columns within a table can be filtered, for example on the Place column. Below is an example of the role for a branch manager in Rotterdam.

Apply filter storeID

By filtering the region of the store on Rotterdam, the transaction table is also filtered on data from Rotterdam, provided a relationship is established between these two tables. When there are several branches in Rotterdam, managers from this city will be able to view each other’s figures in the current set up. In some cases, this may not be desirable. To prevent this, it is possible in this dataset to filter one level deeper through a unique field per store. In our example this is StoreID. As long as each StoreID in our dataset is unique, each manager will only be able to see data of his own store. A separate role should be created for each manager.

Once the report is published, the email addresses can be added to the corresponding role in the Power BI Service. It is possible to link 1 email address to different roles. This situation can occur when for example a manager (temporarily) takes over another branch. An e-mail address can be deleted at any time, which means that the rights to view the data expire immediately for the person in question. It is therefore important that a designated person maintains and updates the RLS rights.

Roles in new workspaces

As previously mentioned, the functionalities of workspaces have recently been renewed by Microsoft. Within the old workspaces, you could only assign the roles Member or Administrator to a person. In the new situation there are four different roles:

• Viewer is the read-only role. With this role, it is not possible to edit or change reports. Attention! When a report uses RLS, all users must get at least the role of viewer, otherwise the RLS will not work.
• Contributor is the role assigned to persons who need to be able to publish, edit, update and delete reports. This is a role for the developers in the team for example. However, the contributor does not have the right to share reports or add users to the workspaces.
• In addition to publishing, editing and updating, a Member can also share the reports with others. They also have the rights to add users with the same or lower roles (Viewer and Contributer).
• An Admin has all the functionalities that the lower roles have, but in addition administrators can also remove workspaces and make other people administrator. Administrators are also allowed to remove people from the workspaces.

Creating new workspaces

Besides the new roles, creating a workspace is also different. When creating an old workspace, an Office 365 group was always created. With the introduction of the new workspaces, a workspace is created without an Office 365 group. The workspaces only exist in the Power BI environment. Because of this, the workspaces do not automatically appear in for example Teams. In the past, this was experienced as confusing by many users.

It is possible to convert an existing workspace to a new workspace. This is easy to change under the advanced settings. This option can be found in the workspace settings.

In the old workspaces, all members can be seen separately. When converting to the new workspace, these members are clustered into a group with the name of the workspace. You can see which members are in the group on the Office 356 site. We recommend converting old workspaces to new workspaces so you can assign more specific roles to people.

This concludes RLS in Power BI. If you want to know more about RLS or Power BI in general, please contact Paul!

All you need to know about Microsoft Data Integration Services

What is Microsoft Data Integration Services 

In this blog we explain you all you need to know about Microsoft Data Integration Services. Microsoft Data Integration Services divides into two categories:  

1. On-premise, (local) variant. You work locally on a server, and you develop the integrations and workflows on this server. We call this SQL Server Integration Services (SSIS).
2. Azure Integration Services (AIS): Here, you work on the cloud platform of Microsoft (Azure), and the Integration service consists of various solutions, which together form the integration solutions of Microsoft. This set of solutions together is called the Microsoft Azure Integration Services. 

  In this blog, we will only focus on the different solutions within the AIS platform. 

What does Microsoft Azure Integration Services?

AIS is mainly intended to move data and is an umbrella name for five solutions contained within it. You can think of transferring data from the various systems of an organization to a data warehouse (data hub) environment. AIS has connectors to make connections to such systems. The data that can be retrieved in different formats: 

• Structured data (data in tables) 
• Semi-structured data (email, PDF, HTML) 
• Unstructured data (video and photo) 

The different solutions within AIS can be divided into two application areas: Integration as a service and Analytics  

Integration as a service (IAAS) 

IAAS is characterized by real-time data shifts between numerous systems and is often the heart of a company. Think of an order placed in a web application and moved to the accounting system and an order management system using an IPAAS (Integration Platform as a Service). This type of data integration is often near real-time and event-based. Also, many of the integrations are based on APIs. The solutions in the Azure Integration Services that are used for this include Logic Apps, Service Bus, API Management, and Event Grid 

Analytics integration

Different systems are made accessible in analytics applications, and this data from the various sources is written into a data hub. You can then use this data in many other systems. Consider, for example, the reporting tool PowerBI or Tableau. The loading and preparation of the data takes place separately in a central environment. This creates consistent results that can be reused. In this case, data (unlike IAAS) usually loads in batches. There is also a more direct connection to source systems, and data refreshes are usually scheduled or triggered. The Azure Integration Services solutions used for this include Logic Apps, Azure Data Factory, and Azure Analysis Services.   

Here is a brief overview of these different solutions from both domains and what they can do: 

• Logic Apps: With Logic Apps, you create transparent workflows (workflows) to connect to different systems using APIs. These workflows run in the predefined order when the trigger is fired.
• Service Bus: Azure Service Bus is a cloud messaging service that connects all applications, devices, and services running in the cloud to other applications or services. 
• API Management: A hybrid multi-cloud management platform for APIs in all environments. In this way, internal and external developers can connect to the back-end systems at any time. 
• Event Grid: Event Grid is an integrated service for managing the routing of all events from any source to any destination (what happens when and where the data should go based on the event). 
• Azure Data Factory: Azure Data Factory is a cloud-based data integration service that allows you to create data-driven workflows in the cloud and automate data movement and data transformation.   

Benefits of Microsoft Data Integration Services 

1. Centrally manageable 
2. Consistent transformations on the data 
3. Clear to work with through process flows 
4. An unprecedented number of connectors to unlock source systems 
5. Easy to make transformations on the date 

Rockfeather & Microsoft Data Integration Services 

With Rockfeather, we use these solutions by creating an intermediate layer when we retrieve the data from systems, whether this is for an IAAS question or more for an Analytics question. 

For example, we provide access to the ERP system, an HR system, and a tool with an API. We can write all this to a data hub. We then use these as a source for the solutions as mentioned above. The advantage of this is that we can load the same results regardless of the solution. In addition, it is efficient and clear to retrieve the data and transform it where necessary. After we have all this down, it will continue to update fully automatically.