Enable Row-Level Security (RLS) for Embedded Power BI Dashboard

This article describes how to enable RLS on a Power BI dashboard that is sourced from Microsoft Power BI.

PREREQUISITES:

  • Configure RLS: In order to enable RLS for embedded Power BI dashboard, you have to set up RLS on your Power BI desktop. See Row-level security with Power BI.
  • Configure Power BI External Report Type:
    1. Access Admin > Plugins > External Report Types
    2. Select Microsoft Power BI
    3. Set Display Filter Pane for MS Power BI Embedding to "No"

1. Find a User-Identifying Column

Open the dashboard in either Power BI Desktop or the Power BI service.

  1. Select a column that contains user-identifying information; e.g., email, user_id, to be used to provide filter values in a later step

2. Create a Dataset: New > Dataset

  1. Provide a Dataset that includes values for the user-identifying information; e.g., a Dataset that includes a list of user email address, user_ids

The values in the Dataset can pull from any valid data source including  a spreadsheet, Power BI, or a table holding active directory information. (See Create a Dataset from any Data Source)

3. Create a User Map and Apply Security to the Dataset from Step 2

  1. Create a User Map that maps the username defined in Metric Insights to the related values in the prior Dataset; e.g., username to  email address. (See Apply Access to Datasets via User Maps)

4. Build an External Report with Filters

  1. Build an External Report (See How to create an External Report from Power BI)
  2. Define a filter for the External Report (See Pre-filtering Power BI data for External Reports)
  3. Supply values for the filter using a previously created Dataset
  4. In Configuration, select Apply based on User Map
  5. Choose the previously created User Map
  6. Map filter columns to User Map columns

5. Configure the Filter

Click on the gear icon near the filter name.

  1. Display in External Report Viewer: "disabled"
  2. User must select a Filter Value: "enabled"

6. Save & View

As a result of applied RLS, different users see results depending on the configuration established via the User Map:

  • The user whose username was tied to the email associated with Canada results sees this view.
  • The user whose username was tied to the email associated with the US results sees a different view.