Enable Row-Level Security (RLS) for Embedded Power BI Dashboard
This article describes how to enable RLS on an embedded dashboard that is sourced from Microsoft Power BI.
PREREQUISITES:
- Configure RLS: To enable RLS for an embedded Power BI dashboard, you must first set up RLS in Power BI Desktop. See Row-level security with Power BI.
- Configure Power BI External Report Type:
  - Access Admin > Plugins > External Report Types
  - Select Microsoft Power BI
  - Set Display Filter Pane for MS Power BI Embedding to "No"
1. Find a User-Identifying Column
Open the dashboard in either Power BI Desktop or the Power BI service.
- Select a column that contains user-identifying information (e.g., email, user_id); it will be used to provide filter values in a later step
2. Create a Dataset: New > Dataset
- Provide a Dataset that includes values for the user-identifying information; e.g., a Dataset that includes a list of user email addresses or user_ids
The values in the Dataset can pull from any valid data source including a spreadsheet, Power BI, or a table holding active directory information. (See Create a Dataset from any Data Source)
3. Create a User Map and Apply Security to the Dataset from Step 2
- Create a User Map that maps the username defined in Metric Insights to the related values in the prior Dataset; e.g., username to email address. (See Apply Access to Datasets via User Maps)
4. Build an External Report with Filters
- Build an External Report (See How to create an External Report from Power BI)
- Define a filter for the External Report (See Pre-filtering Power BI data for External Reports)
- Supply values for the filter using a previously created Dataset
- In Configuration, select Apply based on User Map
- Choose the previously created User Map
- Map filter columns to User Map columns
5. Configure the Filter
Click on the gear icon near the filter name.
- Display in External Report Viewer: "disabled"
- User must select a Filter Value: "enabled"
6. Save & View
As a result of applied RLS, different users see results depending on the configuration established via the User Map:
- The user whose username was tied to the email associated with Canada results sees this view.
- The user whose username was tied to the email associated with the US results sees a different view.
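
Because the view each user sees depends entirely on the User Map from step 3 and the filter values from step 2, it helps to check the two against each other before saving. The script below is an added example, not part of the original article or of Metric Insights; the CSV layout, the column names `username` and `email`, and the sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample data (not from the original article). The column names
# "username" and "email" are assumptions about how the User Map is exported.
USER_MAP_CSV = """username,email
alice,alice@example.com
bob,bob@example.com
bob,carol@example.com
dave,
erin,erin@example.org
"""

# Constructed copy of the step 2 Dataset: the values the filter can take.
FILTER_VALUES_CSV = """email
alice@example.com
bob@example.com
carol@example.com
"""

def audit_user_map(user_map_csv, filter_values_csv, key="username", value="email"):
    """Return (username, finding) pairs that deserve review before the report is saved."""
    allowed = {row[value].strip()
               for row in csv.DictReader(io.StringIO(filter_values_csv))
               if row[value].strip()}
    mapped = {}
    for row in csv.DictReader(io.StringIO(user_map_csv)):
        values = mapped.setdefault(row[key].strip(), set())
        val = (row[value] or "").strip()
        if val:
            values.add(val)
    findings = []
    for user, values in sorted(mapped.items()):
        if not values:
            # The user has a User Map row but nothing to filter on.
            findings.append((user, "no mapped value"))
        elif len(values) > 1:
            # May be intended; confirm the user should see every listed slice.
            findings.append((user, "multiple mapped values: " + ", ".join(sorted(values))))
        for val in sorted(values - allowed):
            # Exact comparison, so case or spelling differences are reported too.
            findings.append((user, "value not in filter Dataset: " + val))
    return findings

if __name__ == "__main__":
    for user, finding in audit_user_map(USER_MAP_CSV, FILTER_VALUES_CSV):
        print(f"{user}: {finding}")
```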