The problem with the page navigation - which not a lot of people know, due to how excel etc works, is that in Power BI, you can actually have multiple pages with the exact same name.
Aside RLS RLI would be interesting to. We use RLI as Row Level Intelligence. In our case Sales people are allowed to sales of the colleagues, they can see all details except customer names if it are not customers from their region. In a database this is quite easy to solve with a table valued function, but once in a cube this is quite difficult, we don't want a separate table with customer names per viewer-region. That would solve the tick, but we have 50K customers and 63 regions ....
I’d also be interested in this. Every time I look into OLS I’m baffled why Microsoft have implemented it like they have. I don’t understand why they don’t give the option to just return a blank value and therefore show a proper visual just with no data in the fields/measures that you don’t have permission to. We have reports that show revenue and costs, but only want certain users to see the costs - the obvious thing would be to show the cost columns as blank if you don’t have permission and not doing that means we have to maintain two sets of reports.
@@shamharoth i think rather than using any external tool, it should be implemented in tool itself. Any thoughts?? Amd there are one key features which i think is utmost importance is the ability to navigate from a tooltip and also pass the slicer value when you navigate from one report to other. Any input would be useful here.
@@shamharoth it's like they had a 6-month intern implement it in third-party software and called it a day... Power BI in general still feels like "early access" at times with all the UI changes and half-assed implementations
@@frozentoast5850 fully agree, with BI being a general accepted field for multiple decades now, it is insane that the tools are as immature as they are. Especially with Power BI recognized as "leader" by Gartner
I have this dashboard I am doing RLS on, it is working fine in the pbi Desktop but not on PBI Server. I have given access to the users on the pbi server and added the users to the roles but still when I do Test Role as one of the emails, I cannot see any data/charts. Can I get assistance on this.
Found a bug where if your table has a date format embedded in the table, OLS will throw an error when you try to save your security configuration in Tabular Editor... I put in a PBI Support ticket and through messing with different tables landed on the fact that date format creates hidden tables (I think for Time Intelligence) which OLS does not like. Hopefully, this can be fixed in a future update.
Too bad there isn’t a better way to manage restricted columns/tables rather than this navigation. However, big kudos for showing the case that navigation trick is not secure. Makes sense but I didn’t realize it 😅
Is there any way to allow a role to see all rows in one column, but only a subset of rows in another column? For example a site manager can see headcount for all sites (eg for at least 1 column in the table they can see all rows) but they can only see the "payroll" column for certain rows (eg where site = their site). I think it's only possible if you split up the table.
Hello. I have a two column- comments and created by that contains text values I want to filter only those comments who entered by some specific user that belong to AD group. (This group has SharePoint access permission as members) I am checking by their name manually but I want some solution to filter the name only if user name is belong to that group. So that if new user come it should check automatically. Please reply if you can suggest or anyone in this chat. My datasource is SharePoint.
With Dynamic RLS I solve many problems. But in these days i'm thinking is it possibile to create a "SuperUser" that can bypass all RLS and can view all?
Old would be good if they provide an option to return a default value rather than not show at all. Ie where not permitted return 0 or. Null. Would make it useful
In tableau we us cell level security as you may need to see some data but not specific cell values and it makes the need for OLS and RLS and its workarounds redundant. If your a member of Group A you can see the actual data values...but if your in Group B you see 'confidential' and its controlled within the datasource and not in a DAX masking. Especially useful when your user base is 16k users and dont wat to have to manage users on a case by case basis.
@@wozturner6999 great to know about tablelands. powerbi with the fields parameters and easier row level security now have very effective security from the dataset levels and using tab editor you can apply object level security as well so it is now largely all there like everything there is always room for tweaks
I have a complex dashboard, with multiple pages and they utilize at least 3 or 4 different "slicer sources". For example, I have 3 different filters, on 3 different pages, for "Supervisor", coming from 3 different data sets. When I implement Role-Level Security, it literally destroys my whole Dashboard's data accuracy, because it applies a SINGLE "slicer filter" to ALL pages. How can I fix that? Thanks!
Hi, I have a requirement to build employee dashboard. The user should see the visuals only related to himself/herself not others. How to achieve this on both Power BI desktop and Service. . Also what if the supervisor wants to see all the visuals with respect to subordinates. can someone please help
Create a security role in desktop and the create a dax filter with username(), then assign the role to the dataset in services. Dont forget to add the members for the role.
Not very good solution. 1. I prefer using field parameter then hidden pages. 2. If I have more RLS (e.g. by Regions) and more combination of OLS (e.g. Finance, Sales, etc ...) then Iwould need ALL (!) combinations to have 1 single role for every possible roles (e.g. for every Region, for Global + for Finance, Sales, Finance + Sales etc ...). I still don`t understand why a combination of more RLS + OLS is not possible.
![Yeat & Quavo - 5BRAZY [Official Music Video]](http://i.ytimg.com/vi/4XxnTAwyxus/mqdefault.jpg)
In addition to rls and ols, they really need page level security.
You can build a Pagle level security using rls .
@@abhishekparashar2702 go on....
@@roberttyler2861 go to 4:53 of the video, there's also a video by RADACAD where they demonstrate it in detail.
Instead of creating separate pages, you can put the restricted columns in a field parameter and use the field(s) to link to a UPN.
The problem with the page navigation - which not a lot of people know, due to how excel etc works, is that in Power BI, you can actually have multiple pages with the exact same name.
Great video, so useful to see the John doe authenticated perspective 👍
Hi, can I develop a report with OLS without Tabular Editor?
Aside RLS RLI would be interesting to. We use RLI as Row Level Intelligence. In our case Sales people are allowed to sales of the colleagues, they can see all details except customer names if it are not customers from their region. In a database this is quite easy to solve with a table valued function, but once in a cube this is quite difficult, we don't want a separate table with customer names per viewer-region. That would solve the tick, but we have 50K customers and 63 regions ....
is there any way to hide those visuals with ugly cross mark when ocl gets applied without page navigation?
I’d also be interested in this. Every time I look into OLS I’m baffled why Microsoft have implemented it like they have. I don’t understand why they don’t give the option to just return a blank value and therefore show a proper visual just with no data in the fields/measures that you don’t have permission to. We have reports that show revenue and costs, but only want certain users to see the costs - the obvious thing would be to show the cost columns as blank if you don’t have permission and not doing that means we have to maintain two sets of reports.
@@shamharoth i think rather than using any external tool, it should be implemented in tool itself. Any thoughts?? Amd there are one key features which i think is utmost importance is the ability to navigate from a tooltip and also pass the slicer value when you navigate from one report to other. Any input would be useful here.
@@shamharoth it's like they had a 6-month intern implement it in third-party software and called it a day... Power BI in general still feels like "early access" at times with all the UI changes and half-assed implementations
@@frozentoast5850 fully agree, with BI being a general accepted field for multiple decades now, it is insane that the tools are as immature as they are. Especially with Power BI recognized as "leader" by Gartner
I have this dashboard I am doing RLS on, it is working fine in the pbi Desktop but not on PBI Server. I have given access to the users on the pbi server and added the users to the roles but still when I do Test Role as one of the emails, I cannot see any data/charts. Can I get assistance on this.
Very helpful. Thank you.
hello, how can I can give permission to a user to see only a specific pages in a reporting!!
Found a bug where if your table has a date format embedded in the table, OLS will throw an error when you try to save your security configuration in Tabular Editor... I put in a PBI Support ticket and through messing with different tables landed on the fact that date format creates hidden tables (I think for Time Intelligence) which OLS does not like. Hopefully, this can be fixed in a future update.
I know this is an old comment but did you try disabling time intelligence? That worked for me when I was having the same problem yesterday :)
Too bad there isn’t a better way to manage restricted columns/tables rather than this navigation. However, big kudos for showing the case that navigation trick is not secure. Makes sense but I didn’t realize it 😅
Is there any way to allow a role to see all rows in one column, but only a subset of rows in another column? For example a site manager can see headcount for all sites (eg for at least 1 column in the table they can see all rows) but they can only see the "payroll" column for certain rows (eg where site = their site). I think it's only possible if you split up the table.
Hello.
I have a two column- comments and created by that contains text values
I want to filter only those comments who entered by some specific user that belong to AD group. (This group has SharePoint access permission as members) I am checking by their name manually but I want some solution to filter the name only if user name is belong to that group.
So that if new user come
it should check automatically.
Please reply if you can suggest or anyone in this chat.
My datasource is SharePoint.
With Dynamic RLS I solve many problems. But in these days i'm thinking is it possibile to create a "SuperUser" that can bypass all RLS and can view all?
set workspace access as contributor or admin
How to add row level security in power bi pagenated report...
Old would be good if they provide an option to return a default value rather than not show at all. Ie where not permitted return 0 or. Null. Would make it useful
In tableau we us cell level security as you may need to see some data but not specific cell values and it makes the need for OLS and RLS and its workarounds redundant. If your a member of Group A you can see the actual data values...but if your in Group B you see 'confidential' and its controlled within the datasource and not in a DAX masking. Especially useful when your user base is 16k users and dont wat to have to manage users on a case by case basis.
@@wozturner6999 great to know about tablelands. powerbi with the fields parameters and easier row level security now have very effective security from the dataset levels and using tab editor you can apply object level security as well so it is now largely all there like everything there is always room for tweaks
How do we manage RLS for different reports connected to the same dataset?
RLS is managed at the dataset. Not the reports. So, any RLS applied to a dataset would be used for any reports connected to that dataset.
I have a complex dashboard, with multiple pages and they utilize at least 3 or 4 different "slicer sources". For example, I have 3 different filters, on 3 different pages, for "Supervisor", coming from 3 different data sets. When I implement Role-Level Security, it literally destroys my whole Dashboard's data accuracy, because it applies a SINGLE "slicer filter" to ALL pages. How can I fix that? Thanks!
Do you have sync slicers turned on?
@@joeseroski1095 You can only sync slicers that are coming from a single data set/table. You can't sync slicers coming from different data sets/tables
@@vpenywise Build one data model using conformed dimensions.
Unable to apply Page Level security along with RLS. Can you please provide the pbix file please?
what happens if you have300 or so employees? is it scalable
Hi, I have a requirement to build employee dashboard. The user should see the visuals only related to himself/herself not others. How to achieve this on both Power BI desktop and Service. . Also what if the supervisor wants to see all the visuals with respect to subordinates. can someone please help
Create a security role in desktop and the create a dax filter with username(), then assign the role to the dataset in services. Dont forget to add the members for the role.
This is one of the complex problem in PBI
Sounds complicated 😕
Not very good solution.
1. I prefer using field parameter then hidden pages.
2. If I have more RLS (e.g. by Regions) and more combination of OLS (e.g. Finance, Sales, etc ...) then Iwould need ALL (!) combinations to have 1 single role for every possible roles (e.g. for every Region, for Global + for Finance, Sales, Finance + Sales etc ...). I still don`t understand why a combination of more RLS + OLS is not possible.
Maaaan, you go way to fast, slow down dude, it's like your going at 200MPH! Otherwise, this would be good
haha I had him at 1.75 speed as I thought he was too slow. Every brain is different!
@@theanxiousplanner3516 haha If you played it at 1.75 speed, you wouldn't be able to understand it, so stop trying to be clever