I am learning to use power bi. I have pubblished my dashboard in the company workspace and I would like to set the security level as follow:
I would like to have users to see a subset of the tabs.
Steps:
Created measure => User Logged in = USERPRINCIPALNAME()
Created an access table: With emails and related page they have acces to Eg.
USER
Pages
ABC#hotmail.com
Page1
DEF#hotmail.com
Page2
Where Page1 and Page2 are The names of the tabs of my dashboards
manage Roles => [User] = USERPRINCIPALNAME()
I shared the dashboard with users.
Users can open the dashboard and see the tabs but the cannot see the content.
Is this the best way of doing it, am i missing som steps or there is a better way?
Thanks for your help
Best practice is to separate your Dataset from your reports. Then you can have two separate reports based on the same Dataset, and can secure them separately.
See Connect to datasets in the Power BI service from Power BI Desktop
So you have one .pbix file with your Dataset and some report pages for testing and development purposes. And two other .pbix files for the two reports.
Related
We just created a rather complex power app which will be used by numerous users (in the company). Although there will be a small team who will handle over viewing the inputs from these users.
The goal is to restrict the users to go into the sharepoint site and delete or edit any records which them or others created. We cannot use any other datasource only sp lists.
I tried creating permissions for specific groups but they don't seem to be working properly.
thank you for your help in advance
Take a look at item level permission on SharePoint, I believe this is what you need
In addition Take a look here as well.
Follow below process:
Create two groups in SharePoint site - Admins and Normal users
On item creation in SharePoint list, run a Power automate flow which will grant Full control access to Admins and only Read permissions to normal users (or just the user who created list item - as per your requirements).
Follow below article for setting permissions for individual list items using power automate: Set Item Level Permission in SharePoint List using Power Automate
Currently I have the following scenario. I have a report in Power BI which reads from a dataset which has data of all companies. In my ASP .NET MVC application the user will select the company for which to display the report and with Power BI Embedded the application filters the report by the ID of the company through the embed config defined in JS (filter parameters passed from server).
I am using app owns data approach where I have a master account and the embed token is generated for the master account.
The user accessing the report does not have access rights to all companies and this is being handled server-side. With this approach however, the user can easily alter the embed config in JS and display the report for a company which he is not authorized to access.
I looked into row-level security and I found the following approach https://community.powerbi.com/t5/Developer/PowerBi-Embedded-API-Works-with-RLS/td-p/231064 where there exists a role for every company and the embed token is generated for that particular company. This would be an ideal approach but in my scenario the companies are not pre-defined and can be created any time. Therefore, I would need to create a role per company. This however cannot be achieved programmatically as Power BI does not provide means to automate role creation.
The only approach I can think of is to clone a report for each new company and create a dataset specific to that report which will only have the data for that particular company. Then the generated embed token will only be valid for that particular report.
Has anyone also experienced this dilemma? Any suggestions what I should do in such scenario?
You still can use RLS, but without roles per company. Use USERPRINCIPALNAME() DAX function to find out which user is viewing the report. In the database make a table to specify which company can be seen by which user and add it to your model. Then use RLS to filter this table to only the row (or rows) where user is current one (here is where USERPRINCIPALNAME() comes into play), and let the relationship between this table and your data tables to filter out what should not be seen. This way there will be no JavaScript filters at all, so nothing can be changed by some malicious user.
See Using the username() or userprincipalname() DAX function.
I have a number of PowerBI dashboards on our SharePoint 2013 online site. We are working on a plan to only display relevant dashboards to the user based on their user group. For example, a salesperson will only see their personal dashboard on the page. I can do this for image viewer, etc., but I cannot figure out how to edit a PowerBI webpart to target an audience. Any suggestions would be most welcomed.
KL
I suggest you to use Row level security.
Select the Modeling tab.
Select Manage Roles.
3.Select Create
4.Provide a name for the role.
5.Select the table that you want to apply a DAX rule.
6.Enter the DAX expressions. This expression should return a true or false. For example: [UserID] = userprincipalname().
And Save.
For this you need a field where the username is registered, means that user has visibility on that row. If you don't have this information, then you will need to add some information to the row, to give visibility to whom deserve it.
After you have created your role, you can test the results of the role within Power BI Desktop. To do this, select View As Roles.
And then play around to check if what you get is what you want.
Hope that helps!
I had to revert the SP page to a Classic interface, then create individual Web Parts for each dashboard on the page, limiting each Web Part by the targeted audience. The Web Parts are not visible on the main Dashboard Portal page unless you are in the targeted audience, so you could see 1 or up to 5 dashboard previews on the page. An individual page was needed for each Power BI dashboard. A user cannot be prevented from seeing the dashboard if they are provided the URL, but hiding the hyperlink and preview screenshot on the Portal page is close enough. This should be easier to execute in SP... Oh well...
I have created a PowerView using a BISM connection in Enterprise Portal of AX. That PowerView report will be used by 100+ users. I want every user to his/her data in the PowerView instead of viewing the complete data. One option is to create 100+ security roles in SSAS (multidimentional) which is not a viable option. Please guide me how can i achieve dynamic security in PowerView so that every user sees its own view. Thanks.
Power View doesn't not offer any kind of security. You will need to do this in SSAS, but you don't need 100+ security roles. You will want to look into dynamic security. To create dynamic security, you will need some way to relate a user to the information they should see. This usually means adding a field to an existing table or creating new tables.
If all users are secured by the same attributes, they can be contained in a single role. If some users are secured based on one attribute and others based upon another attribute, then you may need multiple roles.
Here's how this might work.
Create a table that contains all users that will need access to your cube.
Create a bridge table that ties the users to the attribute on which you are securing their access. For instance, maybe users can only see certain products so you have a table of User IDs and Product IDs.
Add these tables to your DSV.
Create a user dimension.
Create a measure group based upon your security bridge table
Create a role for this user type and add an MDX statement to the Allowed Member Set. Also, set the Enable visual totals checkbox.
Populate the members for the role, preferably through an AD group rather than individually if you have 100+ users.
Your allowed member set will look something like
Exists(
{[Product].[Product ID].members},
STRTOSET("[Users].[UserName].[UserName].&[" + Username() + "]"),
"Bridge User Product"
)
You can find a good blog post here and a good video about SSAS security here (dynamic security starts around the 35 minute mark).
I would like to filter the KPIs shown on a scorecard by the user logged in to SharePoint. Is this possible?
Requirements:
I have several users who own different KPIs
I am developing the performance management app in PerformancePoint planning.
I don't want to create multiple scorecards for each user as this could run into a lot of reports...
I want to direct all the users to one scorecard but it will only show them the relevant KPIs based on the logged in user.
Scorecards will be hosted in MOSS 2007
How can I set this up in PerformancePoint?
Thanks.
If you create one scorecard with all the kpis on there, and only grant access on the KPI level, you'll get a barebones approach to what you want. The data for each KPI that a user does not have access to will show as blank.