The Clearly Podcast

Row Level Security

Summary

In this episode we discuss Row Level Security in Power BI. Data security is a subject discussed as part of every implementation and a critical consideration when implementing any IT system, not just Power BI.

Key points from the discussion

- What is Row Level Security within Power BI
- Where to use Row Level Security and where not to use it
- The administration of Row Level Security and why administration alone may be a reason not to use Row Level Security
- Performance impacts of Row Level Security
- Data classification for security
- Other security considerations such as GDPR and how they may affect how you use Row Level Security

You can download Power BI Desktop from here.

If you already use Power BI, or are considering it, we strongly recommend you join your local Power BI user group here.

Transcript

Introduction: Welcome to the Clearly Podcast, Episode 7: Row-Level Security, recorded on November 16, 2020. We’ll discuss row-level security in Power BI, its use cases, alternatives, and broader data security considerations. If you have questions, email us at podcast@clearlysolutions.net.

Discussion:

What is Row-Level Security (RLS)?

  • Tom: RLS restricts which rows a user can see in a dataset. It’s set up during data modeling, using filters based on user roles or usernames to limit data access.

When to Use Row-Level Security:

  • Shailan: Use RLS when you need to segregate data in shared reports or dashboards. For example, salespeople or HR business partners should only see their respective data.

  • Andy: RLS is crucial for sensitive data, but what are the alternatives?

  • Tom: Alternatives include creating separate models and reports for different users. However, implementing RLS at the SQL database level is often inefficient and slow.

Performance and Maintenance Concerns:

  • Andy: Does RLS slow down reports?

  • Tom: Yes, especially if the DAX queries are complex. Keep RLS filters simple to avoid performance issues.

  • Shailan: Maintenance is essential. Regularly update RLS settings to reflect employee changes and tie RLS into your organization’s processes.

Simplifying Security Management:

  • Andy: Are there simpler ways to manage security within Office 365?

  • Shailan: Yes, using Office 365 groups and workspaces can help. However, complex environments with varied data access needs still require RLS.

Advantages and Drawbacks of RLS:

  • Tom: Sometimes showing more data can be beneficial, such as spurring competition among sales teams. However, be mindful of the risks and ensure strong processes are in place.

Data Security Processes:

  • Andy: How should organizations approach data classification and security?

  • Tom: Start with identifying sensitive and commercially sensitive data, considering regulatory requirements like GDPR. Develop strong process controls and avoid over-reliance on technological measures alone.

  • Shailan: Implement regular data audits and governance processes. A data governance office can oversee classification, access, and maintenance.

Resources and Final Thoughts:

  • Shailan: Look for resources on our blog and Microsoft’s website for detailed guidance on RLS and overall data security.

  • Tom: Don’t use RLS as a default filter. It should strictly be for security purposes.

  • Shailan: Test thoroughly. Ensure RLS works as intended by logging in as different users and attempting to break the security.

  • Andy: Treat information security as an ongoing process, not a one-time event.

Conclusion: Thank you for joining us. We’ll be back on December 14 with another episode. Stay healthy and safe! For more information, visit clydecloudy.co.uk or clearlysolutions.net. Goodbye!