Page Level Security Part 2: Object Level Security in Power BI!

   In this video, Nick Lee from Pragmatic Works continues the discussion on Power BI security, focusing on enhancing page-level security with object-level security. After implementing basic page-level security in a previous video, Nick identifies a loophole where unauthorized users can bypass page-level restrictions using a shared URL. This video addresses how to tighten security and prevent such loopholes using object-level security (OLS) features available in Power BI Premium workspaces.

Understanding the Security Loophole

Nick Lee begins by reviewing the limitation of page-level security. Although page-level security is helpful, it can be bypassed if a user receives a direct URL to a restricted page. This could allow unauthorized access to sensitive data, such as salary information or any confidential details. To mitigate this, object-level security is introduced as a more robust solution.

What is Object Level Security?

Object-level security is a powerful feature in Power BI that restricts access to individual objects, such as specific columns or tables, within a report. However, there is a catch: OLS can only be utilized in workspaces with a Premium capacity license (indicated by the Diamond icon). This limitation ensures that users who wish to leverage OLS must be working within a Premium environment.

Steps to Implement Object Level Security

1. Create a Role in Power BI: Nick demonstrates creating a new role for restricting access to the sensitive data (e.g., "Blue Page Block"). This role does not define specific rules but serves as a placeholder for further adjustments.
2. Use Tabular Editor for Security Configuration: With the role created, Nick accesses the Tabular Editor tool to modify the data model. This step involves selecting a specific column (like "List Price") and setting it to "None" for the newly created role. This ensures that users assigned to this role cannot view the restricted data.
3. Test and Troubleshoot: After applying the changes, Nick tests the system by attempting to access the restricted page via a URL. Initially, the security role causes errors as the system tries to process both object-level and page-level security. Nick resolves this by combining the roles into a single configuration.
4. Final Test: Once everything is configured, Nick tests the functionality again by assigning the user to the appropriate role and ensuring that the restricted data does not appear to unauthorized users. If a user attempts to access the page using a shared URL, they will encounter an error, preventing unauthorized access.

Limitations and Workarounds

Although object-level security is a valuable tool, it does come with some limitations. Specifically, it requires Power BI Premium workspaces, and the process of configuring OLS can be complex, requiring tools like Tabular Editor or Visual Studio. Additionally, OLS may show errors when multiple security roles are applied simultaneously, but this can be addressed by combining roles or troubleshooting role conflicts.

Why Object Level Security Matters

Nick emphasizes that object-level security is not just about blocking access but providing an additional layer of protection for sensitive data. By implementing OLS, developers can ensure that even if an unauthorized user bypasses page-level security, they will not be able to view or interact with restricted objects in the report.

Conclusion

Nick wraps up the video by reinforcing the importance of combining page-level and object-level security for a more comprehensive security strategy in Power BI. Although there are challenges and limitations, implementing these security measures provides greater control and confidence that sensitive data remains protected. For those interested in diving deeper into the Tabular Editor and object-level security, Nick recommends checking out Pragmatic Works' OneMain learning platform for further resources and tutorials.

Don't forget to check out the Pragmatic Works' on-demand learning platform for more insightful content and training sessions on Power BI and other Microsoft applications. Be sure to subscribe to the Pragmatic Works YouTube channel to stay up-to-date on the latest tips and tricks.