I just went through the pain of setting up a complex dynamic row level security today involving a list of individuals who could see specific information and a smaller list of individuals who could see everything regardless of who owns the information in the report. The one thing I wish Microsoft would do is allow you to display a message when a person doesn't have privileges to view information in a table instead of just showing an empty table.
Yes this is definitely possible, I’ve done it in reports. You can set the colour of the text and background of the text box/message (eg white to hide) based on a measure that checks the users permission
Very helpful. Would you possibly be able to share the 'selected page' measure that you mention is using 'conditional formatting' to drive the page navigation ? Many thanks
The new App experience almost could work for this, since you can see the report pages it feels like a no brained to show and hide with audiences. The problem at the moment is hidden pages in the new apps are blocked, not just ‘hidden’ so this navigation wouldn’t work.
Okay - I need some help. Yes Obfuscation will work for my purposes. The information on a given page I am trying to keep ALL users from seeing isn't sensitive. It is just meant for Sr Leadership that will find value in it. We prefer general users not see it so to reduce unnecessary questions (they need to focus on their roles and not big picture questions in this case). I don't want to do the RLS as much as I need to keep all users from being able to easily navigate to a page. So, I would like to set up the "Obfuscation" but not based on a slicer. Instead on a button. Is this possible. Ex. I have a home page with boxes that users can navigate to get to different tools (my Sr leadership and General Users needs 90% of the boxes). My Sr leadership has two additional boxes. When they click on it, i have a new page set-up that is not in the button navigation and obviously isn't showing as a page within the PowerBI service (I only create with buttons - ie all pages hidden except one). How do I apply this table role permissions onto a button? I don't like the slicer interface.
Has anyone been able to find Adam’s idea so we can give this idea more votes? I was able to find one by another person in 2021, but it has only 28 votes.
Adam, not going to lie, this is what we thought we were getting with Multiple Audiences for a Power BI App. I'm all for having to code Object Level Security - just make the Page items Objects, and we can dynamically handle that with Rules 😀.
Also if you export to ppt pdf it would ask to include / exclude hidden pages. Copy the report and then edit the copy could also bring up the hidden page. Only thought I would have is to additionally secure the hidden page with a page level filter connected to RLS - but there is really no „secure“ way yet.
This just seems odd ... with the audience feature of Power BI Apps, you can hide/show reports to different audiences. The app setup also shows the report pages. It seems like a no-brainer to wire page-level audiences there (easier said than done). Things like this just make me think that M$ doesn't really understand their user's needs. And yeah, copying a report may suffice, but that's a nightmare when you have a lot of roles. Additionally the entire thing becomes a maintenance nightmare as well. Beyond Data Flows to share common data transformations across multiple reports, Power BI has no great way to encapsulate report functionality across multiple reports. And no good source/version control mechanisms to help either. Not to mention how to handle someone changing roles. Sure, you can lock them out of the old report by removing them from the group, but when they get added to the new role you have to send out a new link. And it's not great just having a sharepoint site with 5 links to the same report, 4 of which don't work for people. And then what happens when you need this for the 5-10 different reports that you have. If you have 5 distinct roles, your now maintaining 25 - 50 versions of reporting. Everything is going to get out of synch quick, just because M$ didn't build in this basic feature ... that's terrible; even for Microsoft standards.
If you have a shared dataset, you can create multiple "thin" reports based on that with the pages separated by audiences. The limitation of that if you have to enable analyze in Excel and certain audiences should not see data because there is one dataset.You could enable object level security but ain't nobody has time to manage that.
you can mix RLS and OLS with field parameters to create single visuals that don't break when the user doesn't have access to all the columns, rather it only shows them the columns they have access to.
I did a similar thing using chicklet slicer and button action to navigate to the page . But the problem with that is i need two clicks. One to select Page and second to navigate it.
Hi, I also did the similar thing and used the disconnected table. Well I used a flag called superuser and used hiding of button concept. Here anyone who is logged in if he/she is a superuser then I show the buttons meant for them and they can then click on that button and navigate to page else the button is not displayed and to hide button did make the background same as that of page background and in the navigation used the measure to make it none. So this avoided multiple clicks plus creating roles and the data level security what's mentioned in the video. And I agree we need page level security so m gona vote for the idea.
How did you remove the Page Navigation Pane in the service? I´m looking everywhere and can´t find a way to do this. Why is Power BI so poorly designed and so unintuitive. Such a frustration.
@@emmatilley7012 No it does not, you cannot pick and choose which report pages, it automatically picks up all report pages within the semantic model. What a lot of users are looking for is the ability to pick particular report pages within the app.
I wish Microsoft would stop dicking around with features most users dont need and implement stuff like this! The fact you had to do a video on it is an acknowledgement its needed!
Thanks for your explanations, highly appreciated even if the video is a yeart out now, just came up with the usecase for page level security. For PBI Report Server the URL problem is not given, so works for me 🙂
We have cases where there are visuals / pages that only have utility if the user has access to (e.g. controlled by RLS) or has selected more than one of an entity. Let's take Store - some users can see only one store, some can see more than one. Those that can see more than one may have only one store selected in a store filter. There are pages / visuals that compare stores. These have no use if only one store is selected or available. What would resolve all of this is for a page/visual to allow the 'Show/Hide' property to be optionally driven from a measure. Then we can define: Single Store Selected = HASONEVALUE('Stores'[Store]) Then the page (or visual)'s Hide property can be assigned (the good old "fx button") to a measure that returns TRUE/FALSE... in this case: [Single Store Selected] None of the workarounds today are satisfactory. Hmmm. Maybe I should post a feature request in the right place, not here!
Email subscriptions will also expose hidden pages for users to subscribe to, which makes hidden pages easily discoverable. p.s.where is the link to the community forum to vote for page level security?
This is so frustrating. Why can't you just simply turn on and off row level security on any individual page? This has been a gaping hole in power BI for years. There are all kinds of use cases where you want users to have a dashboard based on their area of responsibility but still have visibility to everything else. Why can't Microsoft just get this done?
Hello Adam, a small question can we create a powerBI report from MS quiz not forms. And get the points and feed back from forms. I know there's already a video . But I don't know how to do it with quiz . And the form owner is another person.
When i really have to do page level security, what i do is to create separete reports, publish to an app and handle this with app audiences... So far the best way i found to have REAL page level security... but unfortunately it takes more work and would be wonderful if Microsoft implements this as a native feature.
Great video, when I spotted the URL with a page link this sparked my thoughts can I embed into a website on a certain page/tab in the report? I currently create a lot of separate reports to embed into our website but one report which would open on a certain tab with a URL would be a better option for me. Any thoughts on this?
New word! And I also really appreciate this update... which is really nothing new, but still verifies there's no true page level security. This question keeps coming to us from newer Power BI developers in our org, so it is good to be able to verify it still isn't available.
For Power BI Report Server (on-premise) it works perfectly! No page-specific link is visible for user so I am planning to use this method. Thanks a lot Adam!
I would think about creating a separate Drill-through (target) report for the pages to be secured, with the same styling of the Overview page. That target report can be of course secured properly (together with the centralized data model which would be serving both reports). Then you can use buttons (like shown in the video here) and the Drill-Through features from the Overview report to seamlessly drive your users back and forth, yet retaining a proper security over the "target" pages.
I've done page level security setting up a SharePoint list with the people that can click a button that takes you to the hidden page. The button has a custom action that references the measure below: Button Logic = CALCULATE(MAX(PLS[Page]), PLS[Email] = USERPRINCIPALNAME() ) Happy DAX days!