Thursday, November 24, 2016

Dynamic Row Level Security (RLS) on Power BI


What is our Goal?

Restrict access to the user at the dataset level.

For example, If A, B and C are the Employee of XXX Company. All the employee’s data available in company data base. When A login to HR Application Then A can see only it’s related data. A cannot see other colleague data. This is the actual concept of Row Level Security.

Today we are going to implement it through POWER BI. To do that we have taken 2 Tables named ‘EmployeeHierarchy’ and ‘Fact_IncrementAmt’.




Now we have to apply security based on employee’s username in PowerBI window.

Step1: Go to Relationship window and create relation between ‘EmployeeHierarchy’ and ‘Fact_IncrementAmt’ based on EmpName column.



Step2: Go to Report window and create a table visualization using both column in ‘Fact_IncrementAmt



Step3: Click on Modeling tab, from there click on ManageRole Options. Now click on create button to create a role and give a name of the role.


Step4: Click EmployeeHierarchy table in ManageRole window and write below DAX query into it.

[ReportsToMan] & "@sqltopossible.com" = UserPrincipalName()  ||

[Level1] & "@sqltopossible.com" =UserPrincipalName() ||

[Level2] & "@sqltopossible.com" =UserPrincipalName() ||

[Level3] & "@sqltopossible.com" =UserPrincipalName() ||

[Level4] & "@sqltopossible.com" =UserPrincipalName()


Step5: Save the entire solution and publish the Power BI report.

Note: Here I have created EmpEmail as EmpName+’@sqltopossible.com’ to make the security filter easy. First I extract username from PowerBI Login page, then compare it with ReportsToMan column with added string @sqltopossible.com.




Test case

Before publishing the report, we can test the report by giving Username in ViewasRole Window.

Let’s test the report.

Here ‘Subhdip’ is the BOSS of this table, so he can see all the Employee’s data.



Here ‘Pritam’ can’t see ‘Subhdip’ data, but he can see ‘Sourav’ and ‘Anurag’ data because of he is the manager of ‘Sourav’ and senior manager of ‘Anurag’.


Since ‘Anurag’ is lowest level employee, here he see only his data.




 
Posted by at

3 comments:

  1. UnknownJune 13, 2017 at 6:51 PM

    Hi Pritam. Just wanted to say thanks! This article really helped me out!!
    -Brent

    ReplyDelete
  2. UnknownJuly 16, 2017 at 1:06 AM

    Thanks for this Post,its very helpful
    I have one scenario in my report having Role User and Application Tables, here each user having different applications and Roles are assigned ,here my requirement is I want implement RLS Based on Application and role wise
    in this case how Each application wise Admin can see all other roles data
    Can you please suggest how can i Implement in this case.

    Regards
    Mallikarjun

    ReplyDelete
  3. Praseej KumarSeptember 12, 2017 at 6:03 AM

    Thank you for your post, Can you please explain how to do it on-prime ..

    ReplyDelete

Subscribe to: Post Comments (Atom)