You are currently viewing Row Level Security and Object Level Security Together in Power BI

Row Level Security and Object Level Security Together in Power BI

Loading

Power BI is a powerful business intelligence tool that allows organizations to transform data into actionable insights. With its ability to create interactive reports and dashboards, Power BI is widely used for data analysis and visualization. However, as organizations grow larger and more users access these reports, it is important to implement security measures that ensure data is only accessible to those with the proper permissions. Two key security features in Power BI that help achieve this are row-level security (RLS) and object-level security (OLS).

Row Level Security

Row-level security (RLS) is a feature in Power BI that restricts data access at the row level. This means that users can only see data that is relevant to them based on defined roles and filters. RLS is particularly useful in scenarios where different users or groups should only have access to specific subsets of data.

For example: consider a company that has sales data from multiple regions. The company wants to ensure that sales managers can only see data related to their respective regions. By implementing RLS, the sales manager of the North region will only see data from the North, while the sales manager of the South region will only see data from the South.

Object Level Security

Object-level security (OLS) in Power BI controls access to specific objects within the data model, such as tables, columns, or measures. OLS ensures that users can only view or interact with the objects they are allowed to access. This is especially important when you have sensitive or confidential data that should not be exposed to all users, even if they have access to reports.

For example: consider a scenario where you have a table with employee salary information. You want some users to access the overall sales data but restrict access to salary details. OLS allows you to hide the entire table or specific columns from unauthorized users.

Combining Row-Level & Object Level Security

While RLS and OLS are powerful on their own, combining them provides a more comprehensive security solution. By integrating RLS and OLS, you can ensure that users see only the data they are authorized to see, at both the row and object levels. This is particularly important in scenarios where both data sensitivity and the granularity of access control are critical.

Steps to Implement RLS &OLS Together

Pre-requisite: A sales dashboard (.pbix file) which you can download from here.

Step 1: Open Power BI file in Power BI Desktop

Step 2: Go to Modeling tab and select Manage roles to create role

Step 3: Click on New to create role and named it RLS+OLS (optional); select table and click on New in Filter data

Implementing RLS

Step 4: select column (Access) and their respective value; hit Save button

Implementing OLS

Step 5: Go to External tools and select Tabular Editor to restrict the actions on specific role

Step 6: Expand Tables > sales_data_rls_ols > Salesperson and scroll-down till end

Scroll-Down

Step 7: Expand Object Level Security and click on dropdown with Default to select None; Save it using ctrl+s and close it

Step 8: Go to Modeling and select View as

Step 9: select RLS+OLS and click on OK

Output:

Conclusion:

Row-level security (RLS) and object-level security (OLS) are essential tools for managing data access in Power BI. While they are powerful individually, their true strength lies in their ability to work together, providing a robust security framework that ensures data is accessed appropriately based on user roles and permissions.

Since we use `Access` columns to implement RLS and OLS for manager@uk.co, that user cannot access the salesperson data and the visuals created from it and can only access the UK data/visuals.

If you like the article and would like to support me, make sure to: