Object Level Security in Power BI

  • Published
  • Posted in Power BI
  • Updated
  • 3 mins read

The Object Level Security is a feature that has been introduced in Power BI in February 2021. This feature restricts access to sensitive tables and columns. Sensitive data includes the information that can identified personally.  It means that it enables the definition of security groups that have no visibility over part of the data that you have in the model. The defined columns or entire table should be hidden to a few users. When you do that every calculation that based on the columns or tables is hidden to the users. Also in the view of report users, the columns or tables simply does not exist.

In this blog, I’m sharing how to define Object Level Security and what are the consequences for the user that consume the data.

Enabling Object Level Security

Object Level Security is defined within model roles. Currently OLS definitions are not created natively in Power BI Desktop, but external tools such as Tabular Editor can set OLS rules on Power BI Desktop datasets, Tabular Editor is an external tool to manage tabular models and define OLS rules for a dataset.

To configure Object Level Security

Before configuring it, you need to install Tabular Editor, if you don’t see the Tabular Editor button  on External Tools ribbon. You can download it from the link given  tabulareditor.github.io.  When open, Tabular Editor will automatically connect to your model.

In Power BI desktop, create the roles which will define OLS rules. Click Manage Roles button in the modeling tab on the ribbon. We can create, delete, rename or duplicate the roles in Manage roles window.

Power BI doesn’t have a user interface to create object level security. So we need to go with Tabular Editor. Click Tabular Editor on External Tools.

Tabular Editor is able to modify the properties that are not exposed in Power BI. 

The roles created will appear in Tabular Editor and its properties will appear if we select a particular role. Edit the rule to None or Read

If you need to apply security in columns, select columns in the model pane, then go to property and select role from the properties pane. Edit rule to None or Read.

After you’ve defined object-level security for the roles, save your changes.

Publish your dataset to the Power BI service from Power BI Desktop. In the Power BI service, select the Security by selecting the more options menu on the dataset. Assign the members or groups to their appropriate roles, and click Save.

 

Praisy Joy
Data Analyst
Addend Analytics

Addend Analytics is a Microsoft Gold Partner based in Mumbai, India, and a branch office in the U.S.

Addend has successfully implemented 100+ Microsoft Power BI and Business Central projects for 100+ clients across sectors like Financial Services, Banking, Insurance, Retail, Sales, Manufacturing, Real estate, Logistics, and Healthcare in countries like the US, Europe, Switzerland, and Australia.

Get a free consultation now by emailing us or contacting us.