To ensure that data in Power BI reports do not fall into the wrong hands, it is possible to apply Row-Level Security (RLS) to any report within a workspace. This ensures that for each recipient of the report a difference can be made in what data they can see. It is important that the setup is done accurately and that the members of a workspace are assigned the right role to prevent them from seeing too much information, for example. This RLS layout of the online workspaces in Power BI has changed in the last few months. In this blog, we explain what to pay attention to when setting up a new workspace and setting up the renewed RLS in Power BI.
A good example of the application of RLS is in a multi-branch store chain, where each branch manager is responsible for his own store. Each branch manager is only allowed to see the figures of his own store. Because of RLS it is no longer necessary to create a separate report for each store manager.
RLS for published dashboards is set up in Power BI Desktop under the Modeling tab. For each role, the report must indicate which tables are to be filtered. Different columns within a table can be filtered, for example on the Place column. Below is an example of the role for a branch manager in Rotterdam.
By filtering the region of the store on Rotterdam, the transaction table is also filtered on data from Rotterdam, provided a relationship is established between these two tables. When there are several branches in Rotterdam, managers from this city will be able to view each other’s figures in the current set up. In some cases, this may not be desirable. To prevent this, it is possible in this dataset to filter one level deeper through a unique field per store. In our example this is StoreID. As long as each StoreID in our dataset is unique, each manager will only be able to see data of his own store. A separate role should be created for each manager.
Once the report is published, the email addresses can be added to the corresponding role in the Power BI Service. It is possible to link 1 email address to different roles. This situation can occur when for example a manager (temporarily) takes over another branch. An e-mail address can be deleted at any time, which means that the rights to view the data expire immediately for the person in question. It is therefore important that a designated person maintains and updates the RLS rights.
As previously mentioned, the functionalities of workspaces have recently been renewed by Microsoft. Within the old workspaces, you could only assign the roles Member or Administrator to a person. In the new situation there are four different roles:
Besides the new roles, creating a workspace is also different. When creating an old workspace, an Office 365 group was always created. With the introduction of the new workspaces, a workspace is created without an Office 365 group. The workspaces only exist in the Power BI environment. Because of this, the workspaces do not automatically appear in for example Teams. In the past, this was experienced as confusing by many users.
It is possible to convert an existing workspace to a new workspace. This is easy to change under the advanced settings. This option can be found in the workspace settings.
In the old workspaces, all members can be seen separately. When converting to the new workspace, these members are clustered into a group with the name of the workspace. You can see which members are in the group on the Office 356 site. We recommend converting old workspaces to new workspaces so you can assign more specific roles to people.
This concludes RLS in Power BI. If you want to know more about RLS or Power BI in general, please contact Paul!
In this blog, we are looking at a common scenario in the world of data: Microsoft Excel versus PowerApps. PowerApps offers a great alternative to our traditional spreadsheets. We will explore why it sometimes might be a clever idea to switch from your familiar spreadsheets to the new world of PowerApps.
On November 14th, 2023, the Future of Data & Analytics took place in Sparta-Stadium ‘Het Kasteel’ in Rotterdam. Leading organizations told us their stories on business digitalization. This page will give you access to the slides of the different sessions.
Microsoft Fabric is a new tool from Microsoft that integrates existing components in the areas of Data Science, Data Engineering, and Data Visualization. This speeds up your business process and ensures that you don’t have time-consuming jobs writing data from one component to another. During this online Master Class, we explain how this works.