Enforce Power BI model security Flashcards
What is the main purpose of enforcing model security in Power BI?
To restrict data access at the row level, ensuring users see only the data they are authorized to view.
What are the two types of security roles in Power BI?
Static and dynamic security roles.
How do you create a security role in Power BI?
By using the Manage Roles feature in Power BI Desktop to define DAX filters for tables.
What is the difference between static and dynamic security roles?
Static roles apply fixed filters, while dynamic roles use user-specific information to filter data.
Why is it important to test security roles in Power BI?
To ensure they correctly restrict data access as intended before deploying the model.
What is row-level security (RLS) in Power BI?
A method to restrict data access for given users by using filters to limit the data at the row level.
How do you create a security role in Power BI?
In Power BI Desktop, navigate to Modeling > Manage Roles and define DAX filters on tables.
What is the purpose of testing security roles?
To ensure the roles are correctly restricting access before publishing the model.
What are dynamic security roles in Power BI?
Roles that use DAX functions to filter data based on user information, allowing for user-specific data access.
What function can be used to create dynamic security in Power BI?
The USERPRINCIPALNAME() function, which returns the user login name.
What is the purpose of the LOOKUPVALUE function in dynamic RLS?
It retrieves a value from a table based on the result of a search condition, used to match user information with data table columns.
How can you assign roles to users in Power BI Service?
By publishing the report to Power BI Service, navigating to the dataset, and assigning roles in the “Security” settings.
Can RLS be tested in Power BI Desktop?
Yes, by using the “View as Roles” feature to simulate different user roles.
What is a common use case for static RLS?
Limiting access to data based on departments, where each department only sees its own data.
What is Object-Level Security (OLS) in Power BI?
OLS restricts access to specific tables and columns, as well as their metadata, ensuring users can only see authorized data.
How do you set up OLS in Power BI?
Create roles in Power BI Desktop, then add OLS rules using an XMLA endpoint with tools like SSMS or Tabular Editor, and publish the model to Power BI Service.
What happens if a user tries to access a restricted table or column in Power BI?
The user will receive an error message indicating that the object does not exist.
What are the restrictions on using OLS in Power BI?
OLS and RLS cannot be mixed in the same role, and table-level security cannot break relationship chains between tables.
What is one good practice for defining datasets in Power BI?
Strive to define fewer datasets with well-designed roles to simplify management and maintenance.
Why should you use dynamic rules for roles in Power BI?
Dynamic rules create fewer roles, making a data-driven solution easier to maintain.
Where should you apply filters for faster query performance?
Apply filters on dimension tables instead of fact tables.
Which DAX function is preferred for validating roles in Power BI?
Use the USERPRINCIPALNAME function for consistency in both Power BI Desktop and Power BI Service.
What is essential to validate in Power BI models?
Validate that model design, relationships, and relationship properties are correctly set up.
How should RLS and OLS be validated?
Rigorously test all roles to ensure proper enforcement of data permissions.
