Manage Roles option under Modeling menu in power bi desktop getting greyed out when we use "Connect live" method to get data from analysis service for the report.
It is available when we use "Import" method to get the data.
We have a Power BI report which uses live connection to get data from azure analysis service. One requirement we have is to restrict the users to their relevant data alone. For example, a team lead should see the data of his/her team members alone. We tried Row Level Security (RLS) in Power BI to do this by creating roles and setting filter on required column and it works fine when we use the import data option from azure analysis service. But when we try to do the same using "Connect live" method, the "Manage Roles" option under Modeling ribbon gets greyed out in power bi desktop. I can't create roles and so no filtering.
Please help me on this. Also point me in the right direction if I'm doing wrong.
Here is what I have done so far:
I have created multiple Power BI reports. Each report has multiple visuals.
I have published the reports into the Power BI workspace.
Report developers can access the reports via the workspace. Business users can access the reports via the application published from the workspace (containing the reports).
I want to understand what is the purpose/use case of using the Power BI dashboard when I already have the report/application capability as described above.
I know that dashboard allows to pin live report page or add visuals from various reports into one dashboard. When exactly is this useful?
I created the Report in PowerBi desktop and Published in the PowerBI service. In the workspace we have 4 users each of them from different region, I need to set the RLS from the user table. The requirement is I should not use the available option "Manage Roles" in PowerBi desktop.
Kindly share your thoughts!!!
Thanks
Using RLS in this way is currently not supported.
I am wanting to know how secure Row-Level Security is.
We are currently working on creating a dashboard that would be shared with 500 users within our organisation. All of these users are managers and we would be using dynamic row-level security so that each user would only be able to view information in the dashboard related to their own team.
I have tested RLS and it worked fine, but I have had another Power Bi user tell me that RLS is not completely secure as my base data is coming from excel. My base data is in excel, but I convert it into a pbix file in Power Bi desktop before creating the role, then publishing to power bi service, where I assign users to the role and give read only access.
I am wondering once I have shared the dashboard with these users is there any way for them to get around the RLS and access the base data?
Thanks in advance,
Amy
There are a number of factors to consider for imported data.
If the user can download the report, they could remove the role and access all the data. I would recommend turning this off in the Power BI Admin protal for selected users, or an AD group.
They could connect to the dataset via Excel or another report and get the data that way without the role level filter being used. Having them as read only is one way of stopping them altering the report. I would suggest deploying the report as an app, then they can only access the surfaced report not the underlying dataset.
I'm using Power bi service along with power bi desktop version.
What I'd like is to spend less time on setting up UI for my charts.
Let's say I have multiple accounts with power bi datasets in them (hybrid dataset to be able to display data in real-time).
Currently I have to create report on each of them, set up charts etc. I expected to create pbix file once and then just publish it to different accounts. But when it comes to reports bound with power bi datasets, it is no longer possible. Even if account already has exactly the same hybrid dataset.
Any ideas on how to implement portable reports?
If I got your point correctly, you have multiple accounts and in each of them you have the same dataset. You want to create open report, which you will publish to all of these accounts. I do not understand why do you need to create a new report for each of your accounts. Why not just change the data source of your report prior publishing it to each of these accounts?
Also it is not clear, how these datasets are created. I think there are two possible options here - these datasets are published with your report, or they are existing datasets not published with this report.
In the first case, just design your report, getting data from your database, and publish the report in each of your accounts. You could change the data source prior every publishing, if your different accounts/datasets should get data from different databases.
In the second case, when you design your report, do not get data from the database, but connect the report to the Power BI Service itself:
and pick the existing dataset:
Before each publish change the account you are logged in, change the data source of the report and select the dataset from the corresponding account. This way when publishing the report, the dataset will not be overwritten, but will be shared between this report and any other report who uses it.
To change the data source of your report, in the drop down of "Edit Queries" button, select "Data source settings" and then click "Change Source..." button.
In both ways you will design your report only once, but it will be published in different accounts using different data.
Are all of your users in the same tennant/company?
If so, create a workspace. Create your report which uses another power BI dataset as its source. Turn on row level permissions. Share the new report to all people. They will only see the data relevant to them and you will only need to maintain one report.
Row level security in power bi
I have used Power BI Service with Multiple Reports/Users in Same Organization with Shared Data Sources using different Reports for each user using the same Datasets.
From your Admin Account (eg. it#contoso.org) Publish all the Reports and once its working from Online (after configuring Gateway and DataSources). Download the PBIX Report File from Power BI Online.
Using Admin Account go to Dataset Settings and Allow the users who will use reports using this datasets to Publish Reports using this Dataset (further security to use dataset i.e. Even if they get the source PBIX File and upload it they wont get access to the data).
Login using the Users Power BI Account (must be within Same Organization, eg. contoso.org) then upload the Same PBIX Report File which was downloaded Earlier from Power BI Web Portal (do not publish via the Desktop App), its more efficient and cleaner on Accessing the Data through Web/Devices.
Now the reports as already they are using the same shared Datasets, the reports will be running fine and the data source settings only have to be done once from Admin User.
And for any further databases Administration only One Admin Account need to be used to access and modify the Data Source Settings.