Reporting Hub Knowledge Center
  • Reporting Hub Knowledge Center
  • GETTING STARTED
    • Required Azure Services
    • Deployment Step-by-Step
      • Self-Serve Guided Install
      • Enable Power BI Service Settings
      • Configure Reporting Hub App Settings
      • Set Your Home Page
    • Azure Marketplace Install
  • CONCEPTS
    • Reporting Hub Architecture
    • AaaS end-to-end Architecture
    • Security & Trust Center
  • TUTORIALS
    • Azure Portal Administration
    • App Settings
      • Tenant Admin
        • Tenant Switching
      • Managing Your Subscription
      • Authentication Admin
      • Language Admin
      • SMTP Setup
      • Payment Provider Integrations
      • Notifications Admin
    • Embedded Capacity Admin
      • Switching to a Fabric Capacity
    • Connect Power BI Workspaces
    • Customize Theme
      • Branding (Images and Text)
      • Theme and Layout
      • Colors
        • Colors Overview
      • Fonts
    • Managing Content
      • The Manage Navigation Menu
      • Adding a Category
      • Embedding Power BI Content
      • Row Level Security
      • Search Tags
      • Content Page Options
      • Embedding a URL Page
      • Create Embed URL Links
    • Report Options
      • Create Report Bookmarks
      • Schedule Email Reports
      • Favorites
    • Managing Your Gateway
    • User Management
      • Managing User Access
      • Managing Groups
      • Managing Users in Entra ID
    • Secondary Environment (Test/Prod)
    • Embed the Reporting Hub in Your App
    • Usage Analytics
      • App Usage Tracking with Google Analytics
      • App Usage Tracking with SQL DB
    • App Performance
    • Azure Resource Monitoring
    • Self-Serve Guided Updates
  • Reference
    • What's new in the Reporting Hub?
    • Troubleshooting
    • Support Runbooks
      • Critical System Outage (L1)
      • Users Unable to Access (L2)
      • Content Not Available (L2)
      • Application is slow/getting slower (L2)
      • Capacity not starting/stopping automatically
Powered by GitBook
On this page
  • Assigning RLS Roles In The Reporting Hub
  • Dynamic RLS
  • Semantic Model in Another Workspace
  1. TUTORIALS
  2. Managing Content

Row Level Security

Control row-level access to Power BI content

PreviousEmbedding Power BI ContentNextSearch Tags

Last updated 5 months ago

Row Level Security (RLS) allows you to limit the viewable information within a Power BI Report at the row-of-data level for specific user roles. For example, if your company has an Eastern and Western division, you may wish to restrict access so that Eastern users only see Eastern Data, and Western users see Western Data.

You’ll be able to assign Roles based on those you’ve created within Power BI. To learn how to create Roles in Power BI, see this Microsoft tutorial:

Assigning RLS Roles In The Reporting Hub

Once you've created your Roles in Power BI, you can assign them to Groups/Users of your Reporting Hub tenant(s). To do so:

  1. When assigning access permission, the Reporting Hub will detect if your report has Row Level Security enabled within Power BI. Under the Groups/Users Selected header, you will be asked to assign a Role for each Group/User.

  2. Click the eye icon to preview how your Power BI report will look according to the Role you’ve assigned.

  3. Click Save

Note: If Role Level Security has been enabled for your Report within Power BI, you must assign Roles to your Groups/Users in order to Save.

Note: Make sure you don't have special characters in the name of RLS roles. That can cause issues while configuring the report and applying the roles to user groups.

Good to know: The Reporting Hub supports both standard RLS and dynamic RLS for more complex scenarios.

Dynamic RLS

If you utilize a DAX identity function, like USERPRINCIPALNAME() or USERNAME(), you need to add a security role to your Power BI model. This will allow the Reporting Hub to pass along the correct user identity in the embedded report. If you don't need to filter any tables, create an empty security role in your Power BI model.

Semantic Model in Another Workspace

Follow the standard process.

The Reporting Hub will pass along your users' identity attribute as the property that the DAX identity function will display. For Entra ID-based authentication methods, this is what's called the User Principal Name in Entra ID; for internal users, this is usually an email address. For Auth0, this is the user id object by default, but you can configure your authentication scheme to return another field by . You can always check what a DAX identity function returns for you by uploading a report that contains a measure like username = USERNAME().

If your report is in a different workspace than its underlying semantic model and that model has RLS roles defined on it, you must ensure both workspaces are added to your Reporting Hub tenant. .

Embedding Power BI Content
Learn how to connect additional Power BI Workspaces with your Reporting Hub
Row-level security (RLS) with Power BI - Power BIdocsmsft
Row-Level Security tutorial
Logo
using the Custom ID field option
Assigning roles to report groups/users
An empty role definition