Power BI

New

Visual-Level Security

Grzegorz Strzyminski on 27 Nov 2024 21:48:17

A great addition to the RLS in Power BI could be Visual-Level Security: granting users different access to data based on the visual.


Consider this scenario: User A only has access to sales data for Poland. User B has access to sales data for the whole EU. In table X on a report page there is Sales Amount and Profit in $ by country, while in table Y on the same page there is Profit Margin % (Sales/Profit) by country. To user B we want to show all the data in both pages that the user has access to in RLS. But to user A, we want to show just Poland for table X (absolute numbers), but for table Y we want to show him Profit Margin not only for Poland but also for France, Germany, UK, so that the user knows how his region is doing vs other countries in the region, but without showing the Poland user the absolute numbers for France, Germany, UK (from table X).


This can already be achieved using a combination of a user-visual mapping table, RLS, visual-level filters and a calculation group. I'm linking the materials to a proposed working implementation at the bottom of this post.


But VLS could be made even more user friendly and intuitive if the idea made it onto the development roadmap of Power BI. Parts of the current framework for VLS could likely be reused / be an inspiration / have a UI put over them to make them more user friendly:

  • assigning roles/users to an automatic list of visuals,
  • choosing the behaviour of what happens when a user sees a visual they don't have access to / a visual not tagged with Access Scope - blank out the visual, return errors, assume least privilege access. Currently this is handled by a calculation group.



Resources:

  1. Mechanism of VLS: https://www.youtube.com/watch?v=1b9GBfJKelY
  2. Robustness of VLS: https://www.youtube.com/watch?v=JfoYluZTo2w&t=8s
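
The access semantics requested in the scenario above, as an added Python model (not the author's Power BI implementation and not DAX). The visual names, scope tags, user names, sample figures and the `render` function are assumptions made for illustration; it covers the "blank out" and "return errors" behaviours and denies by default for untagged visuals.

```python
from dataclasses import dataclass

# Constructed sample data: (country, sales_amount, profit); values are made up.
SALES = [("Poland", 1000.0, 200.0), ("France", 4000.0, 600.0),
         ("Germany", 5000.0, 1000.0), ("UK", 3000.0, 300.0)]

@dataclass(frozen=True)
class Scope:
    countries: frozenset  # rows this grant may read
    columns: tuple        # columns this grant may expose

EU = frozenset(c for c, _, _ in SALES)
ABSOLUTE = ("country", "sales", "profit")
RELATIVE = ("country", "margin_pct")

# Hypothetical visual tags (the post's "Access Scope"); None means untagged.
VISUAL_SCOPE = {"table_x": "absolute", "table_y": "relative", "new_chart": None}

# Hypothetical user-visual mapping: user -> access scope -> grant.
GRANTS = {
    "user_a": {"absolute": Scope(frozenset({"Poland"}), ABSOLUTE),
               "relative": Scope(EU, RELATIVE)},
    "user_b": {"absolute": Scope(EU, ABSOLUTE),
               "relative": Scope(EU, RELATIVE)},
}

class AccessDenied(Exception):
    pass

def render(user, visual, on_deny="blank"):
    """Return the rows a visual shows to a user; deny unless a grant matches."""
    tag = VISUAL_SCOPE.get(visual)
    grant = GRANTS.get(user, {}).get(tag) if tag else None
    if grant is None:  # untagged visual, unknown visual, or unmapped user
        if on_deny == "error":
            raise AccessDenied(f"{user} has no grant for {visual}")
        return []      # blank out the visual
    rows = []
    for country, sales, profit in SALES:
        if country not in grant.countries:
            continue
        full = {"country": country, "sales": sales, "profit": profit,
                # margin taken as profit / sales in this sketch
                "margin_pct": round(100 * profit / sales, 1)}
        # Project to the granted columns so absolutes never reach a relative visual.
        rows.append({col: full[col] for col in grant.columns})
    return rows
```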