The security infrastructure of a semantic model must be planned in advance because it impacts the data model and may require writing specific DAX expressions. This course explains how to implement security in Tabular semantic models, considering different requirements, data model design, DAX implementation, and performance.
The training is reference material for developers creating a security infrastructure using Tabular semantic models for Power BI, Microsoft Fabric, and Analysis Services. After briefly reviewing the features available for creating security in a semantic model, we provide several practical examples that showcase common patterns in enterprise solutions.
The course includes over 4.5 hours of videos and a white paper in PDF format that should be used as companion content. The white paper does not replace the video content: we did not describe most user interface interactions for designing and testing security roles in writing, as video is more effective.
The content has the following modules:
- Introducing Security
- Introducing security in Tabular semantic models
- Creating security roles in Power BI / Fabric
- Creating security roles in Tabular Editor
- Applying security roles to a user
- Testing security roles in PBI Desktop
- Testing security roles in DAX Studio
- Testing security roles in Tabular Editor
- Roles do not apply to administrators (RLS and OLS)
- Static row-level security (RLS)
- Multiple roles with static security
- Filter propagation: One-to-many relationships – single-direction filter
- Filter propagation: One-to-many relationships – bidirectional filter
- Filter propagation: One-to-one relationships
- Filter propagation: Many-to-many relationships – single-direction filter
- Filter propagation: Many-to-many relationships – bidirectional filter
- Filter propagation: Inactive relationships
- Object-level security (OLS)
- Object-level security (tables and columns)
- Multiple roles with OLS
- OLS and relationships
- OLS propagation to measures and calculation groups
- Dynamic row-level security
- Introducing primary table expressions in DAX
- User-driven dynamic security
- User groups with bridge table and bidirectional filter
- User groups with many-to-many relationships and single-direction filter
- Custom static security on fact table
- Custom dynamic security on fact table
- Non-visual totals with RLS
- Converting OLS into RLS
- Security differences depending on the storage engine
- Security differences depending on the storage engine
- DirectQuery behavior
- Composite model behavior
- Security cost in import mode (VertiPaq) and Direct Lake
- Security cost in DirectQuery
- Security cost in composite models
- Additional material
While most examples utilize Power BI Desktop for educational purposes, the techniques presented apply to semantic models published on the Power BI service, Fabric, or Analysis Services.