Limit access to certain columns with OLS && the new Field parameters feature without having to create several report versions for different security roles.
When creating an #OLS role to limit access to certain columns, measures or tables for certain users, the visual containing the restricted fields will be interrupted. This is why we need to create multiple report versions for different security roles.
I recommend watching the Guy in Cube's video for more details on configuring report pages for specific users wehn using OLS.
In my example, I have a table containing the following dimension columns: City, Product sub category and Promotion name.
I want to hide the City field for some users with #OLS security.
However when applying the OLS role, the visual table will be broken
To avoid this, Chris webb in his blog recommends using #Fields Parameters.
By applying its guidelines:
✅I will create Fields Parameters by choosing the columns displayed in the table visual (City, Product Sub Category and Promotion name)
✅ Then to control the error of broken visual, I will create an #RLS role, on the same #OLS role by giving access on the non restrictive columns (Product sub category and Promotion name)
✅ Next in the table visual, I will use the parameters instead of the individual columns, so that when applying the RLS role only the authorized columns will be displayed
Here are the detailed steps:
✨1) Create OLS role to deny access to the City Column:
We need to configure the OLS in Tabular Editor tool.
✨2) Applying OLS, users cannot see the visual containing the restrictive columns:
✨ 3) Add Fields Parameters feature:
With the new #Field parameters feature, users can select the columns displayed in visuals using a slicer. We will use the field parameters in the visual instead of using individual fields from their original tables.
👉Read more about Field parameters in Power BI in my previous blog post.
✨4) Modify the same OLS role by adding an RLS on the parameter generated table, in order to return only the allowed fields by the OLS:
Adding the Field Parameters in the Power BI report, it will generate a table in the data model with one row for each field we have added, so that we can apply #RLS security on the table created for our field parameter to solve the problem and control which authorized fields will be displayed in the visual table, (in my case: Product Sub Category and Promotion Name)
👍👍 By applying the RLS joined with the OLS , users limited by the OLS restriction, will only see the columns defined in the RLS role, and thanks to the Field parametres the visual will not be broken.