THE SUCCESS PATH INSTITUTE OF TECHNOLOGIES

MARATHA HALLI, BANGALORE-37,9742369296

Power BI (RLS) Row Level Security

Row-level security (RLS) with Power BI

Row-level security (RLS) with Power BI can be used to restrict data access for
given users. Filters restrict data access at the row level, and you can define filters
within roles. Be aware that in the Power BI service, members of a workspace have
access to datasets in the workspace. RLS doesn't restrict this data access.

You can configure RLS for data models imported into Power BI with Power BI
Desktop. You can also configure RLS on datasets that are using DirectQuery, such
as SQL Server.
Previously, you were only able to implement RLS within on-premises Analysis
Services models outside of Power BI. For Analysis Services live connections, you
configure Row-level security on the on-premises model. The security option will not
show up for live connection datasets.
Define roles and rules in Power BI Desktop
You can define roles and rules within Power BI Desktop. When you publish to
Power BI, it also publishes the role definitions.

To define security roles, follow these steps.

1. Import data into your Power BI Desktop report, or configure a

DirectQuery connection.

NoteYou can't define roles within Power BI Desktop for Analysis

Services live connections. You need to do that within the Analysis
Services model.

2. Select the Modeling tab.

3. Select Manage Roles.

4. Select Create.
 5. Provide a name for the role.
6. Select the table that you want to apply a DAX rule.
7. Enter the DAX expressions. This expression should return a true or false. For
example:
[Entity ID] = “Value”.
NoteYou can use username() within this expression. Be aware that
username() has the format of DOMAIN\username within Power BI Desktop.
Within the Power BI service and Power BI Report Server, it's in the format of
the user's User Principal Name (UPN). Alternatively, you can use
userprincipalname(), which always returns the user in the format of their user
principal name, [email protected].

8. After you have created the DAX expression, you can select the check
above the expression box to validate the expression.

Note:In this expression box, you use commas to separate DAX function
arguments even if you're using a locale that normally uses semicolon
separators (e.g. French or German).

9. Select Save.

You can enable dynamic security within Power BI Desktop by making use of
the username() or userprincipalname() DAX functions and having the proper
relationships configured.

By default, row-level security filtering uses single-directional filters, regardless of

whether the relationships are set to single direction or bi-directional. You can
manually enable bi- directional cross-filter with row-level security by selecting the
relationship and checking the Apply security filter in both directions checkbox.
You should check this box when your've also implemented dynamic row-level
security at the server level, where row-level security is based on user name or
login ID.
Validate the roles within Power BI Desktop
After you've created your roles, test the results of the roles within Power BI Desktop.

1. Select View As Roles.

In View as roles, you see the roles you've created.

2. Select a role you created > OK to apply that role. The report renders the data
relevant for that role.
3. You can also select Other user and supply a given user. It's best to supply
the User Principal Name (UPN) as that's what the Power BI service and
Power BI Report Server use.

4. Select OK and the report renders based on what that user can see.

Within Power BI Desktop, Other user only displays different results if you're using
dynamic security based on your DAX expressions.
Manage security on your model
To manage security on your data model, you will want to do the following.

1. Select the ellipse (…) for a dataset.

2. Select Security.

This will take you to the RLS page for you to add members to a role you created in
Power BI Desktop. Only the owners of the dataset will see Security available. If the
dataset is in a Group, only Administrators of the group will see the security option.
You can only create or modify roles within Power BI Desktop.
Working with members
Add members

You can add a member to the role by typing in the email address, or name, of the
user, security group or distribution list you want to add. You cannot add Groups
created within Power BI. You can add members external to your organization.

You can also see how many members are part of the role by the number in
parenthesis next to the role name, or next to Members.

Remove members

You can remove members by selecting the X next to their name.

Validating the role within the Power BI service

You can validate that the role you defined is working correctly by testing the role.
1. Select More options (...) next to the role.
2. Select Test data as role

You will then see reports that are available for this role. Dashboards are not
presented in this view. In the blue bar above, you will see what is being applied.
You can test other roles, or combination of roles, by selecting Now viewing as.

You can choose to view data as a specific person, or you can select a
combination of available roles to validate they are working.

To return to normal viewing, select Back to Row-Level Security.

Using the username() or userprincipalname() DAX function
functions username() or userprincipalname() within your dataset. You can use
them within expressions in Power BI Desktop. When you publish your model, it will
be used within the Power BI service.

Within Power BI Desktop, username() will return a user in the format

of DOMAIN\User and userprincipalname() will return a user in the
format of [email protected].

Within the Power BI service, username() and userprincipalname() will both return
the user's User Principal Name (UPN).
Using RLS with workspaces in Power BI
If you publish your Power BI Desktop report to a workspace within the Power BI
service, the roles will be applied to read-only members. You will need to indicate that
members can only view Power BI content within the workspace settings.

Warning

If you have configured the workspace so that members have edit permissions, the
RLS roles will not be applied to them. Users will be able to see all of the data.
Limitations
Following is a list of the current limitations for row-level security on cloud models.

 If you previously defined roles and rules in the Power BI service, you must
re-create them in Power BI Desktop.
 You can define RLS only on the datasets created with Power BI Desktop. If
you want to enable RLS for datasets created with Excel, you must convert your
files into Power BI Desktop (PBIX) files first.
 Only Import and DirectQuery connections are supported. Live connections to
Analysis Services are handled in the on-premises model.

Workaround: Republish the Power BI Desktop file from the Power BI service until
this issue is resolved. You can do that by selecting Get Data > Files.

RLS Interview Questions

Q): What if I had previously created roles and rules for a dataset in the Power
BI service? Will they still work if I do nothing?
A: No, visuals will not render properly. You will have to re-create the roles and
rules within Power BI Desktop and then publish to the Power BI service.
Q): Can I create these roles for Analysis Services data sources?
A: You can if you imported the data into Power BI Desktop. If you are using a live
connection, you will not be able to configure RLS within the Power BI service. This is
defined within the Analysis Services model on-premises.
Q): Can I use RLS to limit the columns or measures accessible by my users?
A: No, if a user has access to a particular row of data, they can see all the
columns of data for that row.
Q): Does RLS let me hide detailed data but give access to data summarized in
visuals? A: No, you secure individual rows of data but users can always see
either the details or the summarized data.
Q) : My data source already has security roles defined (for example SQL
Server roles or SAP BW roles). What is the relationship between these and
RLS?
A: depends on whether you're importing data or using DirectQuery. If you're importing
data into your Power BI dataset, the security roles in your data source aren't
used.define RLS to enforce security rules for users who connect in Power BI. If you're
using DirectQuery, the security roles in your data source are used. When a user opens
a report Power BI sends a query to the underlying data source, which applies security
rules to the data based on the user's credentials.
What is a Multidimensional schema?
Multidimensional schema is especially designed to model data warehouse systems.
The schemas are designed to address the unique needs of very large databases
designed for the analytical purpose (OLAP).
Types of Data Warehouse Schema:
Following are 3 chief types of multidimensional schemas each having its unique
advantages.
 Star Schema
 Snowflake Schema
 Galaxy Schema
What is a Star Schema?
In the Star Schema, the center of the star can have one fact table and a number of
associated dimension tables It is known as star schema. The star schema is the
simplest type of Data Warehouse schema. It is also known as Star Join Schema and
is optimized for querying large data sets.

Characteristics of Star Schema:

 Every dimension in a star schema is represented with the only one-dimension table.
 The dimension table should contain the set of attributes.
 The dimension table is joined to the fact table using a foreign key
 The dimension table are not joined to each other
 Fact table would contain key and measure
 The Star schema is easy to understand and provides optimal disk usage.
 The dimension tables are not normalized. For instance, in the above
figure, Country_ID does not have Country lookup table as an OLTP
design would have.
 The schema is widely supported by BI Tools

What is a Snowflake Schema?

A Snowflake Schema is an extension of a Star Schema, and it adds additional
dimensions It is called snowflake. The dimension tables are normalized which splits
data into additional tables. In the following example, Country is further normalized
into an individual table.
Characteristics of Snowflake Schema:

 The main benefit of the snowflake schema it uses smaller disk space.
 Easier to implement a dimension is added to the Schema
 Due to multiple tables query performance is reduced
 The primary challenge that you will face while using the snowflake Schema
is that you need to perform more maintenance efforts because of the more
lookup tables.

Star Vs Snowflake Schema: Key Differences

Star Schema Snow Flake Schema

Hierarchies for the dimensions are stored Hierarchies are divided into separate tables.
in the dimensional table.

It contains a fact table surrounded One fact table surrounded by dimension

by dimension tables. table which are in turn surrounded by
dimension table

In a star schema, only single join A snowflake schema requires many

creates the relationship between the joins to fetch the data.
fact table and any dimension tables.

Simple DB Design. Very Complex DB Design.

Denormalized Data structure and query Normalized Data Structure.

also run faster.

High level of Data redundancy Very low-level data redundancy

Single Dimension table contains Data Split into different Dimension Tables.
aggregated data.

Cube processing is faster. Cube processing might be slow because of

the complex join.

Offers higher performing queries using
Star
Join Query Optimization. Tables
may be connected with multiple
dimensions.
The Snow Flake Schema is represented by
centralized fact table which
unlikely connected with multiple
dimensions.

What is a Galaxy schema?

A Galaxy Schema contains two fact tables that shares dimension tables. It is also
called Fact Constellation Schema. The schema is viewed as a collection of stars
hence the name Galaxy Schema.
As you can see in above figure, there are two facts table
1. Revenue
2. Product.
In Galaxy schema shares dimensions are called Conformed Dimensions.
Characteristics of Galaxy Schema:

 The dimensions in this schema are separated into separate dimensions

based on the various levels of hierarchy.
 For example, if geography has four levels of hierarchy like region, country,
state, and city then Galaxy schema should have four dimensions.
 Moreover, it is possible to build this type of schema by splitting the one-star
schema into more Star schemes.
 The dimensions are large in this schema which is needed to build based on
the levels of hierarchy.
 This schema is helpful for aggregating fact tables for better understanding.

What is Star Cluster Schema?

Snowflake schema contains fully expanded hierarchies. However, this can add
complexity to the Schema and requires extra joins.star schema contains fully
collapsed hierarchies, which may lead to redundancy. So, the best solution may be a
balance between these two schemas which is star cluster schema design.

Overlapping dimensions can be found as forks in hierarchies. A fork happens

when an entity acts as a parent in two different dimensional hierarchies. Fork entities
then identified as classification with one-to-many relationships.
 Create key performance indicator (KPI)
visualizations
A Key Performance Indicator (KPI) is a visual cue that communicates the amount of
progress made toward a measurable goal. How to create single metric visuals:
gauges, cards, and KPIs.

When to use a KPI

KPIs are a great choice:
 To measure progress. Answers the question, "What am I ahead or behind on?"
 To measure distance to a goal. Answers the question, "How far ahead or behind am I?"
KPI requirements
A designer bases a KPI visual on a specific measure. The intention of the KPI is to
help you evaluate the current value and status of a metric against a defined target. A
KPI visual requires a base measure that evaluates to a value, a target measure
or value, and a threshold or goal.
A KPI dataset needs to contain goal values for a KPI. If your dataset doesn't contain
goal values, you can create them by adding an Excel sheet with goals to your data
model or PBIX file.
1. From the upper left section of the menubar, select File > Open
2. Find your copy of the Retail Analysis sample PBIX file

3. Open the Retail Analysis sample PBIX file in report view.

4. Select + to add a new page.

How to create a KPI

Example: you'll create a KPI that measures the progress you've made toward a sales goal.

1. From the Fields pane, select Sales > Total Units This Year. This value will be
the indicator.
2. Add Time > FiscalMonth. This value will represent the trend.
3. In the upper-right corner of the visual, select the ellipsis and check that Power
BI sorted the columns in ascending order by FiscalMonth.

Important: Once you convert the visualization to a KPI, there's no option to

sort. You must sort it correctly now.

Once sorted correctly, your visual will look like this:

 4. Convert the visual to a KPI by selecting the KPI icon from the Visualization pane.

5. To add a goal, drag Total Units Last Year to the Target goals field.

6. Optionally, format the KPI by selecting the paint roller icon to open the
Formatting pane.

 Indicator - controls the indicator’s display units and decimal places.

 Trend axis - when set to on, the visual shows the trend axis as the
background of the KPI visual.
 Goals - when set to on, the visual shows the goal and the distance
from the goal as a percentage.
 Color coding > Direction - people consider some KPIs better for
higher values and consider some better for lower values. For example,
earnings versus wait time. Typically a higher value of earnings is better
versus a higher value of wait time. Select high is good and, optionally,
change the color settings.

KPIs are also available in the Power BI service and on your mobile devices.

Considerations and troubleshooting

 If your KPI doesn't look like the one above, it may be because you
didn't sort by FiscalMonth. KPIs don't have a sort option.
 You'll need to start again and sort by FiscalMonth before you convert your
visualization to a KPI.
THE SUCCESS PATH INSTITUTE OF TECHNOLOGIES
MARATHA HALLI, BANGALORE-37,9742369296