Object Level Security (OLS) in Power BI


What is Object Level Security and what does it do

Simply put, OLS in Power BI allows model authors to protect specific columns or tables from report viewers. It basically helps maintain privacy. Let’s consider an example where a table or a column contains some private information. In this case, the table or the column can be restricted. Therefore, only certain viewers have a view of it and can interact with it. Additionally, restricting object names and metadata is also possible.

The object-level security is an additional layer of security. It is added to prevent inappropriate users from accessing business-critical or sensitive personal data. Also, the secure tables or columns are not visible to users who do not have appropriate access to them.

In short words, object-level security secures and hides sensitive and personal data from being discovered.

How to Set up Object Level Security (Step-by-step)

There are certain steps that one needs to follow for setting up object-level security. You can’t specify OLS directly from Power BI Desktop. Instead, you’ll need an external tool called Tabular Editor.

9 steps for configuring object-level security

Step 1: Create a Model that contains all of your OLS Rules

In the Power BI Desktop,  just create a model that contains all of your OLS rules. Further, follow the steps listed below to define the security roles.

1.1 Either configure a DirectQuery connection or prefer importing the data into your Power BI desktop report.

1.2 Now, select Manage Roles from the Modeling tab.

1.3 Now, select Create from the Manage Roles window.

1.4 Under roles, provide a name for the role created.

1.5 Select the table on which you wish to apply the DAX rule under the Tables section.

1.6 In the Table filter DAX expression box, enter the DAX expression.

1.7 To validate the DAX expression that you created, select the checkmark above the expression.

1.8 Now select Save, and you are all done.

Step 2: Select the Tabular Editor on the External Tools ribbon.

You select the tabular editor o the external tools ribbon. In case the Tabular Editor button is not visible, prefer installing the “program.” The Tabular Editor will automatically connect to your model once the “program” is installed and opened.

Step 3: Click Model View

Click on the Model view now. You will then find a drop-down menu under “Roles.” Select that, and all the roles created in the previous step will appear over there.

Step 4: Role Selection

Select the role for which you want to enable the object-level security definition. Further, expand the Table permissions.

Step 5: Select either “None” or “Read” permission for the column or the table.

  • None: By selecting “None,” the OLS will be enforced. Also, the column or the table will be hidden from that role.
  • Read: By selecting “Read,” the column or the table will be visible to that role.

Step 6: Save the changes

You need to save your changes after defining the OLS roles.

Step 7: Publish the dataset

Publish your dataset to the Power BI Service from the Power BI Desktop.

Step 8: Assign Members or Groups

Navigate to the Security page in the Power BI Service. Assign members or groups to their appropriate roles.

Step 9: Save

Do not forget to hit the Save button.

On completing these nine steps, we will be able to define the OLS rules. A notification that “field can’t be found” will appear to the users without appropriate permissions.

Difference between Row Level Security (RLS) & Object Level Security (OLS)

BasisRow-level SecurityObject-level Security
DefinitionWe can use Row-level security (RLS) to restrict data access at the row level for given users.We can use Object-level security (OLS) to restrict data access for sensitive tables or columns from report viewers.
LicenseAvailable in all licensesAvailable in Pro & Premium (paid) Licenses
Available SinceSince starting (2015)Feb 2021
How it worksWith RLS, the Metadata of the objects can be viewed.With OLS, the Metadata of the objects cannot be viewed. It feels like totally deleted.
Pre-requisitesRLS can be configured from Power BI Desktop itself.OLS Configuration is possible with the help of the external tool, Tabular Editor (licensed software).
Direction of SecurityThe direction of the rule applied is horizontal.The direction of the rule applied is vertical.
LimitationIn the Power BI service, members of a workspace have access to datasets in the workspace. RLS doesn’t restrict this data access.It only applies to “Viewers” in the workplace. It does not apply to members assigned as Admin, Member, or Contributors, as they have edit permissions for the dataset.
DynamicRLS is static & Dynamic.Microsoft has no Dynamic OLS, it’s only static.


This was all about OLS. We hope you enjoyed reading this blog. Your thoughts are welcome in the comments section.

Previous articleData Scientist or Data analyst – Which is better?
Next articleTypes Of Data Security In Power BI
A learner, dreamer, and passionate about modern tools and technology like Excel 365, Power BI, SQL, HR Analytics, Six Sigma, WordPress and Visuals to name a few. Total Experience 15+ years including more than a decade of experience in S&P Global and ongoing 4+ years of experience with fast-growing startups & few MNCs. Clients served: Startups, MSMEs to a few of the Big 4 Consulting firms. Trained more than 2500 professionals in the last 4 years on various skills (Analytics, Content, WordPress, Finance, Entrepreneurship, etc). Last but the most important - mother of an awesome kid!


Please enter your comment!
Please enter your name here