Scribd
Upload
264 views15 pages

DP 600t00a Enu Powerpoint 08

The document discusses enforcing security in Power BI models. It covers restricting access to model data with row-level security (RLS) and restricting access to model objects with object-level security (OLS). It also provides best practices for enforcing model security such as applying rules to dimension tables rather than fact tables, validating roles, and using dynamic rules. The document contains knowledge checks and an exercise related to these techniques.

Uploaded by

wciscato
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
264 views15 pages

DP 600t00a Enu Powerpoint 08

The document discusses enforcing security in Power BI models. It covers restricting access to model data with row-level security (RLS) and restricting access to model objects with object-level security (OLS). It also provides best practices for enforcing model security such as applying rules to dimension tables rather than fact tables, validating roles, and using dynamic rules. The document contains knowledge checks and an exercise related to these techniques.

Uploaded by

wciscato
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 15

DP-600: Microsoft Fabric

Analytics Engineer

© Copyright Microsoft Corporation. All rights reserved.


Enforce semantic model
security

© Copyright Microsoft Corporation. All rights reserved.


•Restrict access to Power BI model
data with RLS.
Learning •Restrict access to Power BI model
objectives objects with OLS.
•Apply good development practices
to enforce Power BI model security.

© Copyright Microsoft Corporation. All rights reserved.


Restrict access to Power BI model data

Restrict access to Power BI model data by:

Apply star schema Define rules Validate roles Set up role Use single sign-on
design principals mappings (SSO) for
DirectQuery sources
Apply star schema Static rules and When you create roles, Role mappings must
design principals to dynamic rules it’s important to test be set up in advance When your data model
produce a model them to ensure they of users accessing has DirectQuery tables
comprising dimension apply the correct Power BI content. and their data source
and fact tables. filters. supports SSO, the data
source can enforce
data permissions.

© Copyright Microsoft Corporation. All rights reserved.


Restrict Access to Power BI model objects

Object-level security (OLS)


• Set up OLS:
– Create roles
– Add OLS rules to the roles

• Considerations:
– When a user doesn’t have
permission to access a
table or column, they'll
receive an error message.
• Restrictions:
– You can’t mix RLS and OLS
in the same role.

© Copyright Microsoft Corporation. All rights reserved.


Apply good modeling practices

• Define fewer datasets (data models) with well-designed roles.


• Create fewer roles by using dynamic rules.
• Create rules that filter dimension tables instead of fact tables.
• Validate that the model design, including its relationships and relationship properties,
are correctly set up.
• Use the USERPRINCIPALNAME function instead of USERNAME function.
• Rigorously validate RLS and OLS by testing all roles.
• Ensure that the Power BI Desktop data source connection uses the same credentials
that will be applied when set up in the Power BI service.

© Copyright Microsoft Corporation. All rights reserved.


Exercise

Enforce model security


• The estimated time to complete this exercise is 45 minutes.
aka.ms/mslearn
-fabric-model-s
ecurity

© Copyright Microsoft Corporation. All rights reserved. © Copyright Microsoft Corporation. All rights reserved.
Knowledge check (1/2)

1 Joshua is a data modeler at Adventure Works who is developing a model for a large data
warehouse. The model must enforce RLS, and the Power BI reports that connect to the model
should deliver the fastest possible performance. What should Joshua do?
⃣Apply rules to dimension tables.
⃣Apply rules to hierarchies.
⃣Apply rules to fact tables.

2 Rupali is a data modeler at Adventure Works who is developing an import model to analyze
employee timesheet data. The employee table stores the employee social security number (SSN) in
a column. While the model will be available for all company managers, it will also be available to
employees in the Payroll department. However, reports must only reveal employee SSNs to payroll
employees. What feature should Rupali use to restrict access to the SSN column?
⃣RLS
⃣SSO
⃣OLS

© Copyright Microsoft Corporation. All rights reserved.


Knowledge check (2/2)

3 Kasper is a data modeler at Adventure Works who is developing a model that must enforce RLS. It
must restrict access to only the sales regions assigned to the report consumer. The source database
includes a table that stores employee usernames and their assigned region(s). What should Kasper
do?
⃣Create an OLS role and use a dynamic rule.
⃣Create an RLS role and use a dynamic rule.
⃣Create an RLS role and use a static rule.

© Copyright Microsoft Corporation. All rights reserved.


Recap
In this section, we:

• Restricted access to Power BI model data with RLS.


• Restricted access to Power BI model objects with OLS.
• Reviewed development practices to enforce Power BI
model security.

© Copyright Microsoft Corporation. All rights reserved.


Further reading

Enforce semantic model security


https://aka.ms/fabric-model-security

Power BI implementation planning: Security

https://learn.microsoft.com/power-bi/guidance/powerbi-
implementation-planning-security-overview

© Copyright Microsoft Corporation. All rights reserved.


DP-600: Microsoft Fabric
Analytics Engineer

Conclusion

© Copyright Microsoft Corporation. All rights reserved.


Thank you for attending this course
Here are some reminders

Celebrate your Let us know Become


new skills how we did Microsoft Certified

• Redeem your achievement • Give us your feedback • Explore additional resources


• Share with us and your • Survey will be sent via email to help prepare
network • Schedule your exam

 Tag us social: #AlwaysLearning


© Copyright Microsoft Corporation. All rights reserved. © Copyright Microsoft Corporation. All rights reserved.
What could be next in your learning journey?

Data Engineering on Micr Designing and implement New: 1-day instructor-led


osoft Azure ing a data science solutio training courses
n on Azure
Skills covered: • Implement a lakehouse with
• Design and implement Skills covered: Microsoft Fabric
data storage • Design and prepare a • Coming soon:
• Develop data processing machine learning solution • Fabric Data
• Secure, monitor, and • Explore data and train Warehouse
optimize data storage and models • Fabric Real-Time
data processing • Prepare a model for Analytics
deployment • Fabric Data Science
• Deploy and retrain a • Fabric reporting with
model Power BI

© Copyright Microsoft Corporation. All rights reserved.


© Copyright Microsoft Corporation. All rights reserved.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy