0
0
Power BIbi_tool~15 mins

Why RLS protects sensitive data in Power BI - Business Case Study

Choose your learning style9 modes available
LearnWhyDeepSheetTryChallengeScenarioRecallDash
Scenario Mode
👤 Your Role: You are a Power BI developer at a retail company.
📋 Request: Your manager wants you to explain and demonstrate how Row-Level Security (RLS) protects sensitive sales data so that each regional manager only sees their own region's data.
📊 Data: You have a sales dataset with columns: Region, Salesperson, SalesAmount, and Date. The data includes sales from North, South, East, and West regions.
🎯 Deliverable: Create a Power BI report with RLS applied so that when a regional manager views the report, they only see sales data for their region. Also, provide a simple explanation of how RLS protects sensitive data.
Progress0 / 5 steps
Sample Data
RegionSalespersonSalesAmountDate
NorthAlice50002024-01-10
SouthBob70002024-01-12
EastCharlie60002024-01-15
WestDiana55002024-01-20
NorthEva65002024-02-05
SouthFrank72002024-02-10
EastGrace58002024-02-15
WestHenry53002024-02-18
1
Step 1: Load the sales data into Power BI Desktop.
Import the table with columns: Region, Salesperson, SalesAmount, Date.
Expected Result
Sales data is visible in Power BI data view with all rows.
2
Step 2: Create a Row-Level Security (RLS) role for each region.
In Power BI Desktop, go to Modeling > Manage Roles. Create a role named 'NorthRegion' with DAX filter: [Region] = "North". Repeat for South, East, and West with respective filters.
Expected Result
Four roles created, each filtering data to only one region.
3
Step 3: Test the RLS roles in Power BI Desktop.
Use Modeling > View as Roles, select 'NorthRegion' role to see data filtered to North region only.
Expected Result
Only sales rows where Region = North are visible.
4
Step 4: Publish the report to Power BI Service and assign users to roles.
In Power BI Service, assign each regional manager to their respective RLS role under dataset security settings.
Expected Result
Each manager can only see their region's sales data when viewing the report.
5
Step 5: Explain how RLS protects sensitive data.
RLS restricts data access by filtering rows based on user roles, so users only see data they are allowed to see.
Expected Result
Managers cannot see sales data from other regions, protecting sensitive information.
Final Result
Power BI Report Dashboard
-------------------------
| Region | Salesperson | SalesAmount |
|--------|-------------|-------------|
| North  | Alice       | 5000        |
| North  | Eva         | 6500        |

(When viewed as NorthRegion role)

Key: Each regional manager sees only their region's sales data.
RLS filters data so users see only their allowed rows.
Sensitive sales data from other regions is hidden.
This protects company data privacy and security.
Bonus Challenge

Create a dynamic RLS role that filters data based on the logged-in user's email instead of fixed region roles.

Show Hint
Use USERPRINCIPALNAME() DAX function in the role filter to match user email with a table mapping emails to regions.