We all know that Power BI is an excellent tool for collecting and presenting data in front of our audience. One main reason for this is the data security offered by Power BI.
We are sure that nobody initially starts thinking about data security when they first start working with Power BI. But the fact is, it gets very confusing as you further dig into it.
Power BI offers different levels of security to secure data. All data persisted by Power BI is completely encrypted with Microsoft keys. Hence, this blog is going to be all about the different types of security offered by Power BI.
There are mainly six types of securities in Power BI. They are listed below:
- Row-level Security
- Object-level Security
- Page-Level security OR Tab-Level Security
- Privacy Levels In Power Query
- Office 365 Sensitivity Labels
- Power BI Workspace Security
6 Types: Let’s briefly study each of these
1. Row-Level Security
Row-level security in Power BI enables you to control access to rows in a database table by using group membership or execution context. This security feature of Power BI is very well documented. People in the Power BI community often understand it easily.
There are two forms of the Row-level security feature-
- Dynamic RLS
- Static RLS
2. Object-Level Security
The security feature that enables model authors to secure particular columns or tables from report viewers is known as “object-level security.” Additionally, OLS also restricts object names and metadata.
3. Page-Level Security
Page-Level Security, as its name implies, allows for conditional control over the visibility of pages to users.
In other words, page-level security is used for controlling access to the report pages in Power BI. Upon implementing this feature, some users get to see some particular pages, and some users get to see other particular pages. However, Power BI, as of today, doesn’t support visual-level or page-level security. There is a workaround to do it using conditional page navigation and RLS.
4. Privacy Levels In Power Query
Out of all the different types of securities in Power BI, this one is the least understood mechanism.
The purpose of the privacy levels in Power Query is to limit the possibility of data being passed from one system to another. Let’s understand this in a little more detail.
Imagine that you are loading data from a relational database. In this case, it is very common that Power Query transformations can be converted/translated into SQL code. They can be passed on to the source database. This is known as query folding.
Now assume that you are receiving data from two databases. Out of those two databases, one contains highly personal data; personal information about employees or customers.
Imagine yourself in a situation now where you want to filter data in the database without sensitive data based on the database that contains sensitive data. In situations like these, you would not like sensitive data to be passed from one database to another. Here come Privacy Levels in action. The privacy levels help you manage situations like these. It prevents the passage of data from one database to another.
5. Office 365 Sensitivity Labels
Office 365 Sensitivity Label is a security feature that is controlled by the admins of Microsoft 365 and Azure.
Sensitivity labels help in controlling enforced encryption and limiting capabilities to distribute information inside and outside your tenant. Moreover, it can only be enabled by an admin. Once the admin configures labels and policies, you are then eligible to add a sensitivity label on a Power BI report.
Keep in mind that this feature may incur additional costs. It completely depends on the subscription level of your Microsoft 365.
6. Power BI Workspace Security
You must be familiar with creating workspaces in the Power BI service. Recently, Microsoft disabled the automatic creation of a workspace in Power BI when creating a team in MS Teams. Well, surprised or not?
Moreover, each workspace in Power BI mainly has four roles. Those roles are:
- Admin: An admin is free to do whatever he wants in a workspace.
- Member: A member is eligible to add any content to a workspace and change most of its settings. Additionally, a member can not only add other users with the “member role,” but can also add contributors and viewers.
- Contributor: A contributor is eligible to add reports and datasets to a workspace. However, without the admin’s permission, a contributor is not allowed to change the Power BI app.
- Viewer: Viewers only exist in places where you have a premium capacity. A viewer is eligible to access any content in the workspace. However, they are not subjected to changing anything.
It is required that you assign roles to users or even Microsoft 365 groups. That’s when Power BI Workspace Security comes into action. It basically controls access to all the published artefacts like reports and datasets.
Additionally, all of us need to know how to handle workspace security. After all, it is the first level of protection. Guess what the irony is over here? It is listed as the last one.
So this was all about different types of securities in Power BI. We hope you enjoyed reading this blog. Thank you so much for giving up your precious time. Thoughts and viewpoints are welcome in the comment section.
