Power BI User Security

Power BI continues to evolve with new features! As previously mentioned, Power BI can easily be integrated into your Dynamics CRM/365 org with the use of tiles. Recently, they have introduced a feature which allows you to display an entire Power BI Dashboard in your Dynamics 365 org. With these features, you may have concerns about user security. For instance, will my Dynamics 365 security roles limit what data users can see? To put it simply, the answer is “No”. But keep reading to find out how you can apply security!

Power BI User Security overview

Power BI is a tool that allows companies to display visuals of their data from multiple applications. For this reason, it would be difficult for the service to attempt to understand the underlying security structure behind each source. So how do you apply end user security? Like other applications, Power BI offers its own security features which you can easily apply to the entire dashboard and datasets. As previously mentioned, you can select which users to share your Dashboards to. Most noteworthy, it offers a feature called Row Level Security, or “RLS”, which can be applied to each dataset.

Row Level Security

At a high level, RLS involves a two-step process:

1. Your power user or admin can manage roles within the Power BI Desktop app to apply to your tables. Not seeing this feature? Make sure you have downloaded the latest version of the Power BI Desktop.

In this example, I’ve created two roles and applied a DAX expression to each. The DAX expression is used to filter data for each role. Your power user or admin can then apply each role to your Tables.

The SalesRep role simply filters data based on Record Owner of the source data = the logged in Power BI user:

The SalesManager role filters data based on Record Owner’s Manager = the logged in Power BI user:

2. Once the report is published to the Power BI Service, your power user or admin can apply the roles for each dataset.

Select the dataset -> Security:

Add users to each role:

When sharing a Dashboard that utilizes RLS behind it’s datasets, the end users will see only what their Power BI role allows. This works whether the Power BI user is viewing the Dashboard from within Power BI or within an external application, such as Dynamics 365.

For more information on RLS, check out this blog on Power BI’s site.
Beringer Technology Group is always here to provide expert knowledge in topics like these. Please contact us with any questions you may have.

[code-snippet name=”blog”]