Data Security in Power BI – Users’ Roles and Permissions

In Power BI, we can store data encompassing an entire enterprise. You can create workspaces, applications and dashboards with information from individual units of the company, e.g. Controlling, Sales or Production. It is possible to establish connections with many data sources with different structures, which, following transformations, can be imported into a uniform warehouse. Data contained in Power BI may have different levels of confidentiality, which is why it is not always advisable to give all platform users full access to the content it contains. Power BI allows you to control access to data displayed on reports according to their purpose by defining the roles of users.

Security levels

Permissions are defined at three levels:

  1. Workspace – this is a place for storing all Power BI datasets and their related reports. Permissions at this level apply to the entire content of the workspace. The user of the service may be assigned as a manager: administrator, member or co-author. There is also a fourth group for the users who can view the content, but with no access tosettings. These are usually end users who read ready-made reports. 

The chart below shows the platform with three workspaces. Understandably, depending on the license you have, there may be more of them, with more extensive content. 

2. Report – Reports as such do not store data. The visualizations in them are associated with datasets which determine what portion of information may be uploaded into them. If the dataset is in a different workspace than the report, the user should be granted permissions to that dataset as well, otherwise they will only see the report in the workspace, but will not be able to use it. 

This situation is presented in the chart below. The user with permissions to the sales workspace will see two reports, but will only be able to use report no. 2. To ensure that the user can access report no. 1, they should be granted permissions to the dataset located in the administration workspace. 

3. Dataset – the workspace may contain information that should not be fully available to individual users. Power Bi allows you to restrict data access by setting row-level security and assigning roles to users. This is a customisable process, with the designer deciding about the number and scope of those roles.

The chart below shows how row-level security works. Both user no. 1 (sales manager) and user no. 2 (sales region south leader) have access to the sales workspace. The manager can see information for all sales areas. By applying row-level security, in the report the leader will only see data for their region, even though they use the same report as the manager.

Row-level security – an example of role usage

We will use sample country-wide sales data to demonstrate how the security mechanism works. Currently, the report displays results for all sales regions. Let’s assume that this level of detail is reserved for management, who should have access to full information. In turn, region leaders may want to see statistics related only to their own respective areas of responsibility.

To limit the amount of data displayed for the leader responsible only for a selected sales region, row-level security can be applied by configuring dataset roles in Power BI Desktop. This will prevent displaying rows that do not meet the condition specified for the selected role.

A person assigned as the south region leader will be able to display sales information only for the provinces from that region, specifically in this case: Małopolskie, Podkarpackie, Śląskie and Świętokrzyskie provinces. For each of the roles, you can assign a different a filter expression. In addition, each role can have multiple filtering expressions, e.g. it is possible to limit the data to the sales region and the current month. In this way, a user assigned to a role will see only the current data and their sales region.

To assign users to groups, you need to publish the dataset in the Power BI workspace and navigate to the row-level security management section.

From that section you can also quickly test the correct operation of security in the selected role. The reports will then be displayed in the version that the user will see, with no need to change own account permissions. You can also test the settings locally before applying them to the service in Power BI Desktop.

We should keep in mind that users assigned to row-level security roles do not have permission to manage the configuration or edit content within the entire workspace – then the restrictions for the selected data set will be overridden and they will be able to change the security settings themselves, downloading the file in full.

Summary

The discussed case presents one of the many methods of implementing the security available in Power BI. Conditions limiting the displayed data can be defined based on static conditions or using a dynamic object – for example, the name of the logged-in user.

Roles and permissions are not only security and control over access to data, but also a way to make work easier. Analyses can automatically present the business context for the person they refer to. Reports configured in this way can be further edited and extended directly in the cloud, or locally using the Power BI Desktop application, without the need to configure the data set for the end-user each time.

Our Experts
/ Knowledge Shared

19.11.2024

PIM + AI = Success / Optimizing PIM Systems With Artificial Intelligence

Artificial Intelligence

In today’s rapidly changing business world, managing product information has become one of the key challenges, especially for companies operating across multiple markets. Although artificial intelligence is a hot topic, much of the available material focuses mainly on theory or the distant future. We’re taking it a step further – below, we present...

Ilustracja przedstawiająca robota reprezentującego sztuczną inteligencję, otoczonego symbolami wyzwań i błędów w sztucznej inteligencji. Obraz zawiera pomarańczowy mózg, zepsutą żarówkę i cyfrowe piksele, symbolizujące dane i zagrożenia etyczne związane z awariami sztucznej inteligencji
30.10.2024

The Complex World of AI Failures / When Artificial Intelligence Goes Terribly Wrong

Artificial Intelligence

AI has revolutionized industries, offering impressive capabilities in efficiency, speed, and innovation. However, as AI systems become more integrated into business operations, it becomes evident that these tools are not without flaws. From minor glitches to significant ethical issues, AI failures highlight the fragility of these systems. Businesses must...

AI w optymalizacji łańcucha dostaw materiałów budowlanych
28.10.2024

Application of Artificial Intelligence in Optimizing the Supply Chain of Building Materials

Artificial Intelligence

Can artificial intelligence revolutionize the management of building materials supply chains? Learn how AI can help optimize demand forecasting, manage orders and inventory, minimize risks, and personalize customer offerings. Discover the future of AI in the construction industry. The supply chain in the building materials industry is a complex and...

Expert Knowledge
For Your Business

As you can see, we've gained a lot of knowledge over the years - and we love to share! Let's talk about how we can help you.

Contact us

<dialogue.opened>