Power BI is a powerful business intelligence tool that allows organizations to transform data into actionable insights. With its ability to create interactive reports and dashboards, Power BI is widely used for data analysis and visualization. However, as organizations grow larger and more users access these reports, it is important to implement security measures that ensure data is only accessible to those with the proper permissions. Two key security features in Power BI that help achieve this are row-level security (RLS) and object-level security (OLS).
Row Level Security
Row-level security (RLS) is a feature in Power BI that restricts data access at the row level. This means that users can only see data that is relevant to them based on defined roles and filters. RLS is particularly useful in scenarios where different users or groups should only have access to specific subsets of data.
For example: consider a company that has sales data from multiple regions. The company wants to ensure that sales managers can only see data related to their respective regions. By implementing RLS, the sales manager of the North region will only see data from the North, while the sales manager of the South region will only see data from the South.
Object Level Security
Object-level security (OLS) in Power BI controls access to specific objects within the data model, such as tables, columns, or measures. OLS ensures that users can only view or interact with the objects they are allowed to access. This is especially important when you have sensitive or confidential data that should not be exposed to all users, even if they have access to reports.
For example: consider a scenario where you have a table with employee salary information. You want some users to access the overall sales data but restrict access to salary details. OLS allows you to hide the entire table or specific columns from unauthorized users.
Combining Row-Level & Object Level Security
While RLS and OLS are powerful on their own, combining them provides a more comprehensive security solution. By integrating RLS and OLS, you can ensure that users see only the data they are authorized to see, at both the row and object levels. This is particularly important in scenarios where both data sensitivity and the granularity of access control are critical.
Steps to Implement RLS &OLS Together
Pre-requisite: A sales dashboard (.pbix file) which you can download from here.
Step 1: Open Power BI file in Power BI Desktop
Step 2: Go to Modeling tab and select Manage roles to create role
Step 3: Click on New to create role and named it RLS+OLS (optional); select table and click on New in Filter data
Implementing RLS
Step 4: select column (Access) and their respective value; hit Save button
Implementing OLS
Step 5: Go to External tools and select Tabular Editor to restrict the actions on specific role
Step 6: Expand Tables > sales_data_rls_ols > Salesperson and scroll-down till end
Scroll-Down
Step 7: Expand Object Level Security and click on dropdown with Default to select None; Save it using ctrl+s and close it
Step 8: Go to Modeling and select View as
Step 9: select RLS+OLS and click on OK
Output:
Conclusion:
Row-level security (RLS) and object-level security (OLS) are essential tools for managing data access in Power BI. While they are powerful individually, their true strength lies in their ability to work together, providing a robust security framework that ensures data is accessed appropriately based on user roles and permissions.
Since we use `Access` columns to implement RLS and OLS for manager@uk.co, that user cannot access the salesperson data and the visuals created from it and can only access the UK data/visuals.
If you like the article and would like to support me, make sure to:
- 👏 Like for this article and subscribe to our newsletter
- 📰 View more content on my DataSpoof website
- 🔔 Follow Me: LinkedIn| Youtube | Instagram | Twitter
