0% found this document useful (0 votes)
190 views6 pages

Access and Permissions For Power BI

Access and Permissions for Power BI

Uploaded by

viz.jul1981
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
190 views6 pages

Access and Permissions For Power BI

Access and Permissions for Power BI

Uploaded by

viz.jul1981
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Access and Permissions for Power BI

Table of Contents
1. Workspace Access and Roles.....................................................................2
2. App Permissions.........................................................................................3
3. Dataset Permissions...................................................................................5
4. Row-Level Security.....................................................................................5
5. Recommendation.......................................................................................6
6. Useful links.................................................................................................6
1. Workspace Access and Roles

Key notes:
 Giving access to a workspace allows a user to see everything within the
workspace. End business users should not be given access to the workspace
itself (any environment).
 In development and potentially the test workspace, developers should have
workspace level access.
To add or remove individuals or groups to a workspace, navigate to the access icon
on the top right corner of the workspace page and select access. Workspaces allow
you to assign roles to individuals, and to user groups such as security groups,
Microsoft 365 groups, and distribution lists.
If you have permission to grant access to other users, you will find the roles below:

 Roles in Power BI Workspace


Capability Admin Member Contributor Viewer
Update and delete the workspace. X
Add/remove people, including other admins. X
Allow Contributors to update the app for the workspace X
Add members or others with lower permissions. X X
Publish, unpublish, and change permissions for an app X X
Update an app. X X
Share an item or share an app X X
Allow others to reshare items X X
Manage dataset permissions X X
Feature dashboards and reports X X X
Create, edit, and delete content, such as reports, in the workspace. X X X
Publish reports to the workspace, delete content. X X X
Create a report in another workspace based on a dataset in this
X X X
workspace
Copy a report X X X
Create metrics based on a dataset in the workspace X X X
View and interact with an item X X X X
Read data stored in workspace dataflows X X X X

2. App Permissions
Keynote: You can grant access to users for an App, but they don’t necessarily need
to have access to the workspace.
App access should be given to users and consumers of the data. By giving access to
an App, you can restrict access for users to only see a specific section or
department within the organization.
While creating an App, you can manage your audience, and for each audience
group, you may grant access to either all people in your organization or specific
users or groups. You can also expand the Advanced option to configure the
following:
 Allow users to share the datasets in this app: This option gives app
consumers permission to share the app and underlying datasets of the app
audience.
 Allow users to build content with the datasets in this app: This option
lets your app consumers create their own reports and dashboards based on
the app audience datasets.
You can also share the published app by selecting the Copy link button at the
bottom of the Setup page. That creates a shareable app link to share with your app
consumers

To further manage app access requests, you can find in the Apps list page, select
More Options (…) next to an app, then select manage permissions.
The Permission management page contains these tabs:
 Direct access: Lists all the users who already have access to the app.
 Pending access: Lists all pending requests.
3. Dataset Permissions
Permission Description

Read/App Allows user to access reports that read data from the dataset.
Allows user to build new content from the dataset, as well as find content that uses the
Build
dataset.
Allows user to share the content of the dataset with other users who will get read,
Reshare
reshare, or build permissions for it.
Write Allows user to view and modify dataset metadata.

 Dataset permissions are acquired implicitly via workspace role

Workspace Role
Admin Member Contributor Viewer
Read Yes Yes Yes Yes
Build Yes Yes Yes No
Reshare Yes Yes No No
Write Yes Yes Yes No

 Dataset permissions can be granted by a user with an Admin or Member role in


the workspace using the manage permissions page.
 Users may acquire permissions on a dataset used in an app if the app owner
allows this in the app permissions configuration.
 Row-level security may affect the ability of users with read or build permission
on a dataset to read data from the dataset.

o When RLS isn't defined on the dataset, users with write, read, or build
permission on the dataset can read data from the dataset.
o When RLS is defined on the dataset:
- Users with only read or build permission on the dataset will not be
able to read data from the dataset unless they belong to one of its
RLS roles.
- Users with write permission on the dataset will be able to read
data from the dataset regardless of whether or not they belong to
any of its RLS roles.

4. Row-Level Security
Row-level security (RLS) with Power BI can be used to restrict data access for given
users. Filters restrict data access at the row level, and you can define filters within
roles. In the Power BI service, members of a workspace have access to datasets in
the workspace. RLS doesn't restrict this data access.

Practical Example: If you publish your Power BI Desktop report to a workspace in


the Power BI service, the RLS roles are applied to members who are assigned to
the Viewer role in the workspace. Even if Viewers are given Build permissions to the
dataset, RLS still applies. For example, if Viewers with Build permissions use Analyze
in Excel, their view of the data will be protected by RLS. Workspace members
assigned Admin, Member, or Contributor have edit permission for the dataset and,
therefore, RLS doesn’t apply to them. If you want RLS to apply to people in a
workspace, you can only assign them the Viewer role. Read more about roles in
workspaces.
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls

5. Recommendation
The recommendation for managing access and permissions within Power BI is by
using Security Groups. In that way you will be able to easily manage and control
access to users from different departments, groups, and hierarchy. As shown
previously in this document, you can assign a security group to a specific App,
workspace or even setup-up a RLS within the dataset for different security groups.
Users that will only consume data and not be part of development should be only
given access to Power BI APP.
Developers should be given access to the DEV workspace and potentially to TEST
and PROD workspaces.

6. Useful links
Create reports based on datasets from different workspaces - Power BI | Microsoft
Learn
Copy reports from other apps or workspaces - Power BI | Microsoft Learn
Control the use of datasets across workspaces - Power BI | Microsoft Learn
Intro to datasets across workspaces - Power BI | Microsoft Learn

You might also like