The Object Level Security is a feature that has been introduced in Power BI in February 2021. This feature restricts access to sensitive tables and columns. Sensitive data includes the information that can identified personally. It means that it enables the definition of security groups that have no visibility over part of the data that you have in the model. The defined columns or entire table should be hidden to a few users. When you do that every calculation that based on the columns or tables is hidden to the users. Also in the view of report users, the columns or tables simply does not exist.
In this blog, I’m sharing how to define Object Level Security and what are the consequences for the user that consume the data.
Enabling Object Level Security
Object Level Security is defined within model roles. Currently OLS definitions are not created natively in Power BI Desktop, but external tools such as Tabular Editor can set OLS rules on Power BI Desktop datasets, Tabular Editor is an external tool to manage tabular models and define OLS rules for a dataset.
To configure Object Level Security
Before configuring it, you need to install Tabular Editor, if you don’t see the Tabular Editor button on External Tools ribbon. You can download it from the link given tabulareditor.github.io. When open, Tabular Editor will automatically connect to your model.
In Power BI desktop, create the roles which will define OLS rules. Click Manage Roles button in the modeling tab on the ribbon. We can create, delete, rename or duplicate the roles in Manage roles window.
Power BI doesn’t have a user interface to create object level security. So we need to go with Tabular Editor. Click Tabular Editor on External Tools.
Tabular Editor is able to modify the properties that are not exposed in Power BI.
The roles created will appear in Tabular Editor and its properties will appear if we select a particular role. Edit the rule to None or Read
If you need to apply security in columns, select columns in the model pane, then go to property and select role from the properties pane. Edit rule to None or Read.
After you’ve defined object-level security for the roles, save your changes.
Publish your dataset to Power BI service from Power BI Desktop. In the Power BI service, select the Security by selecting the more options menu on the dataset. Assign the members or groups to their appropriate roles, and click Save.
Addend Analytics is a Microsoft Power BI Gold Partner based in Mumbai, India. Apart from being authorized for Power BI implementations, Addend has successfully executed Power BI projects for 100+ clients across sectors like Financial Services, Banking, Insurance, Retail, Sales, Manufacturing, Real estate, Logistics, and Healthcare in countries like the US, Europe, Switzerland, and Australia. Get a free consultation now by emailing us at firstname.lastname@example.org or Contact us.