If we want to get an overview of all RLS (row-level security) features applied to our semantic models in Power BI, we have multiple options.
But which one of those also includes the users/groups assigned to those roles in the Power BI Service? As far as I know (saying this in Dec 2024) there is only one tool that can provide this.
In this blog post I will show how we can leverage a new functionality of a tool for Power BI and Fabric to get:
-A list of semantic models with RLS in our tenant
-RLS roles + their DAX expressions
-Users/groups assigned to those roles
Requirements: -Measure Killer v2.5 or later installed on your machine
-Paid or trial license of the tool (request a trial here)
-If you are not a Tenant/Fabric admin you will only get the models you have access to, you need to be at least a Contributor
Launch the tool and select either one of these two modes:
1) Limited Tenant Analysis (if you just have workspace-level permissions)
2) Tenant Analysis (for Tenant/Fabric admins) -> here you can get RLS for all models in your tenant wherever they are
I will demonstrate option 1 but they are both very similar.
After launching the mode, you will be prompted to authenticate with your Microsoft account.
Next you can now select which workspaces you want to search for semantic models with RLS (we also get other stuff out of the tool obviously). Click Next
Now the main window (see below) will open and it will run through all workspaces. Once this is done (see progress on the left) we need to go to Select All (top right) and then Run (top left) to search through all models and workspaces to find the row-level security details.
A new window will pop up asking you to authenticate once more, this will be for the XMLA connection to semantic models in Premium/Fabric workspaces.
Once the scan has completed the othertabs on the top right will be activated and we can select Row-level security (last one on the very right)
Finally now we get a list of all semantic models that has row-level security.
The first level will show us each and every role that has been defined.
When we expand one, we will get the DAX expressions and also the members which are the individual users or security groups added to a role in the Power BI Service.
If you want to have all information together you can use the export feature. Exports are deactivated in trial version though.
This will create a .json file for further use.
I usually load this back into Power BI. The format is really great with the json file/document connector in Power Query.
You will be able to easily explore your data and expand everything or set your filters in any way you want.
Comments