RLS in datamarts - where is the DAX option?

Question

in PBI Desktop, it's possible to configure the RLS by Manage Roles and writing the DAX expression for example [Email] = userprincipalname()

But how to secure the datamarts? So that if a user connects to this datamart from PBI Desktop, they can only see the data they are entitled to. I would like to create Roles for a datamart and use DAX in the same way as I able to use it in PBI Desktop.

Official documentation doesnt mention anything about DAX related to datamart security: https://learn.microsoft.com/en-us/power-bi/transform-model/datamarts/datamarts-access-control#row-level-security

Any input will be much appreciated Thank you

David Browne - Microsoft · Answer 1 · 2023-07-01T16:07:16.157

2

Per the docs

Row-level security (RLS) can be used to restrict data access for specified users to a datamart. Filters restrict data access at the row level, and you can define filters within roles. In the Power BI service, members of a workspace have access to datamarts in the workspace, and RLS doesn't restrict such data access.

You can configure RLS for datamarts in the Datamart editor. The configured RLS on datamarts automatically gets applied to downstream items, including the auto-generated datasets and reports.

Control access to datamarts - Row Level Security RLS in the Datamart is simplified because it's enforced both in the Dataset an in the SQL endpoint.

But if you "would like to create Roles for a datamart and use DAX in the same way as I able to use it in PBI Desktop.", then open up Power BI Desktop, connect to the Datamart SQL endpoint, and build the Dataset like you would for SQL Server.

edited Jul 01 '23 at 16:07

answered Jul 01 '23 at 15:49

David Browne - Microsoft

80,331
6
39
67

Thank you David. However, we want to prepare the roles on the datamart level (and add relevand AAD groups to these roles in the PBI service). The end user would simply connect to this datamart from PBI desktop and create their report - they would be not creating any roles. And since the RLS is setup on the datamart level, the end user would only see the data they have rights to. Is this possible? Our whole idea of migrating our current BI solution to PBI depends on the RLS functionality on the datamart level. Thank you for any clarification. – malval Jul 01 '23 at 20:14
1

Yes. Datamarts have RLS. And if the RLS capabilities of the Datamart aren’t flexible enough, you can create a custom Dataset using the Datamart’s SQL endpoint. – David Browne - Microsoft Jul 01 '23 at 23:34
1

Many thanks. I am specifially interested in using DAX when configuring datamarts RLS in the PBI service - which is not available now. My use case is configuring groups based on Userprincipalname(), which is only possible to set up in PBI desktop. Datamarts RLS security editor - Manage roles - does not have the DAX option. – malval Jul 02 '23 at 08:27

score 0 · Answer 2 · answered Jul 18 '23 at 08:03

0

The DAX option is available in datamarts again, I guess it was just temporarily switched off by Microsoft.

answered Jul 18 '23 at 08:03

malval

29
6

RLS in datamarts - where is the DAX option?

2 Answers2