sEcuritY, SHARING, maintenaBILITY AND governance
Start
SUmmary
Chapter 3
Will be discussed during this chapter :
- Introuduction to RLS :
- What is it used for ?
- Why ?
- How ?
- Good practices
- Use of Power BI template for a corporate design
- Applications :
- Utilization
- Good practices
- Pipelines and parameters
- Differenciation between DEV, INT and PRD
- Presentation of a deployment pipeline
- Use of parameters in Power Query
- Definition of parameters rules in Power BI Service
- Good practices
OVERVIEW
By the end of this module, you will be able to :
GOAL 1
GOAL 2
Setup your RLS, deploy correctly your report and share it safely.
Understand the security and governance purposes of Power BI.
RLS
(Row-levels-Security)
RLS - Introduction
Row-Level Security (RLS) is still a little-known concept, yet it represents an effective way to optimize your model, secure data, and personalize reports, when used correctly. This is also something we track in a dedicated report shared with our citizens. Using RLS is therefore a best practice that we strongly recommend.Purpose: Restrict access to data based on defined roles. This restriction applies at the row level. It is defined in the semantic model.
Main benefits of using RLS
Confidentiality
Personalization
Centralization
Filters displayed data according to the user’s role and scope of action
A single report for multiple end users with different access levels
Displays only the data relevant to the end user
rls - static vs dynamic
Static RLS
Dynamic RLS
Filters adapt in real time when the user logs in.
Strict and fixed rules defined manually
Useful for managing dynamic access using first and last names. Ideal for teams or organizations structured hierarchically. Utilization of a model table to manage access and rights.
Useful for simple, predefined filters over time. Example: A person in a specific factory will only have access to data within their scope.
Complex to implement, requires advanced DAX modeling.
Requires manual updates when changes occur.
Example
STATIC RLS - Implementation
'Manage Roles' Menu
Creation of a role, selection of a table and definition of a filter rule.
The ‘View As’ menu allows you to test RLS and verify that the rule works correctly, ensuring that the selected role only sees the data they are allowed to access.
Once the model is published, you must assign each user to the appropriate role.
dynamic RLS - Implementation
'Manage Roles' Menu
Use of the 'Switch to DAX editor' menu and use of functions such as USERNAME() and USERPRINCIPALNAME()
The ‘View As’ menu allows you to test RLS and verify that the rule works correctly, ensuring that the selected role only sees the data they are allowed to access.
RLS - Good practiceS
As with any Power BI development, it is essential to follow RLS best practices to maintain confidentiality, governance, and security.Let’s review the five best practices we recommend applying (hover over the illustrations below to display the related text):
RLS Quiz
RLS Quiz
RLS Quiz
RLS Quiz
Applications
applications - Introduction
Power BI apps are packages that allow to regroup several reports and dashboards at the same place. Power BI apps combine multiple dashboards and datasets into a single, organized experience. It is a feature that you will find only on Power BI service.
Key benefits of using applications
Control
Better UX
Security
Simplified access control as you can defined the use access at the application level. We'll describe audiences just after.
Controlled updates → Changes for end-users are made whenever you choose.
Simplified navigation and user experience → Centralization of multiple reports in one place.
applications - Audiences
Audiences in Power BI describe the people that have access to your application. Concretely, this is where you can set up all the sharing rules you want. By creating different audiences on applications, it's possible for you from a single application to hide some pages for some audiences and so to centralize your content with simple sharing and strong security and confidentiality.
Key things to know
Main steps
- "New Audience"
- Rename the audience
- Use the hide/display button to chose the content you want to show to a specific audience
- Manage audience : add users and groups
- You can either share to a single person or to a group (ex : Workspace users)
- Control resharing : it's recommended to disable the option to allow resharing of semantic models (governance reason)
- You can preview what an audience will see
- You can share the link when the application is updated
Key benefits of audiences
Centralization
Security
Confidentiality
All content is managed within a single app, reducing duplication and simplifying maintenance.
Audiences ensure that users only see the content relevant to their role, minimizing the risk of unauthorized access.
Sensitive reports or datasets can be restricted to specific audiences, protecting confidential business information.
applications - good practices
When sharing a report to another developer, between citizen ->
Use of workspaces.
When sharing a report with a final user ->
Always use applications.
Always define permissions at a report-level instead of the workspace-level. Definition of clear roles.
Security & governance ->
Use dedicated datasets organized by subject areas and scopes to simplify navigation and strengthen governance.
Centralization & organization ->
Always publish the application only after performing several checks to avoid creating multiple versions. Ensure proper documentation of the application.
Maintenance & Updates ->
Send notifications when update are done to keep informed the final users.
Communication ->
Applications Quiz
pipelines & parameters
Project Development in Power BI
environments
Hover each square below to have more information on each environment.
Publish
DEV
PRD
INT
Technical tests
Business tests
PARameters - power bi desktop
Parameters in Power BI Desktop allow you to make your queries dynamic. By dynamic, we mean that, instead of coding each time the parameters (database, server, role, etc.) you define flexible inputs that can be changed automatically. It gives flexibility by having your desktop file that represents the DEV file and then you can just run the pipeline to have data from INT and PRD environments.
Power Query Editor -> Manager Parameters -> New Parameter -> Define Name/Type/Current Value
pipelines - Introduction
A pipeline is an automated process consisting of various successive tasks. In our case, pipelines allow publishing and deploying a report securely across different work environments (DEV, INT, PRD). This deployment pipeline relies on parameters (as seen earlier) that identify the tables used and adapt them accordingly.
Main benefits of using pipelines
Automated Deployment
Flexibility & Reusability
Governance
Allow you to move content across environments without manual republishing, reducing human error
Ensures consistency between environments and makes it easier to track changes thanks to the history
Allow you to switch environments/datasources/values dynamically
pipelines utilisation - Power bi service
Pipeline schema INT - PRD
pipeline and parameters - defining rules
parameters & pipelines - Good practices
Hover over the four best practices below to discover what we expect you to implement when using pipelines and parameters.
Remember : best pracices are useful to debug, maintain and optimize all your development.
Parameters & Pipelines Quiz
Parameters & Pipelines Quiz
Parameters & Pipelines Quiz
Parameters & Pipelines Quiz
To go further....
- Manage Semantic Models in Power BI - Training | Microsoft Learn
- Secure Data Access in Power BI - Training | Microsoft Learn
- Interact, share and collaborate Power BI dashboards - Online worshop - Training | Microsoft Learn
building a data catalog in power bi service
tags in Power bi service
Once your semantic models and reports are published on Power BI Service, it is considered a best practice to apply tags to them.Among the tags available, you will find:
- Logistics
- Manufacturing
- Master Data
- Climate
- Purchase
- Quality
- Sales & Customer
How to do it ?
1- Go to the settings page of your dataset or report.
Key benefits of using tags
2- Open the Tags menu and apply the tag that corresponds.
Organization
Security
Facilitates the identification of models and reports through clear categorization.
Helps create a Power BI catalog with all corresponding metadata.
Description in Power bi service
When building your report, it is a best practice to add descriptions to everything: Power Query steps, measures, columns, and tables.It is also a recommended practice on Power BI Service, both for datasets and reports.
How to do it on Power BI Service?
Where to add these descriptions:Measures ---> Power BI Desktop Columns ---> Power BI Desktop Reports ---> Power BI Service Datasets ---> Power BI Service
1- Go to the settings page of your dataset or report.
2- Open the 'Semantic model description' menu and write the description.
Semantic Model
Key benefits of using descriptions
Understanding / Scalability
Governance
Prioritization
Governance
Makes maintenance and governance easier, since the purpose of each object is clearly defined.
Helps with prioritization, as documented assets are easier to evaluate and manage.
Improves understanding of the report, dataset, and underlying data, which increases scalability.
Write your description here
Report
Write your description here
tags and descriptions benefits
Key benefits of using tags & descriptions
Data Catalog
AI Utilization
AI is becoming increasingly present across the Microsoft ecosystem. Providing more documentation about our data, through descriptions, helps AI models better understand business logic, which in turn allows them to support us more effectively in various challenges.
As presented in the previous module, we have an Object that includes a dedicated data catalog. This catalog is based on Power BI metadata. By applying tags, we increase the level of detail available in the lineage and search processes.
The end
Now that you’ve learned how to configure parameters, publish correctly to the Power BI Service, and set up RLS to share your report, it’s time to put your knowledge into practice. Go ahead and apply what you’ve learned by creating your own application and implementing security rules to ensure clean and controlled access to data. Practice makes you better : don’t hesitate to revisit this module whenever needed.
Click here to exit the genially
Parameters defined in Power BI Desktop (in Power Query or when filling out the template we provided to you)
Transformations done by the pipeline to convert parameters to PRD.
M1-C3 - CDD - Security, Sharing, Maintenability and Governance
Equipe Data
Created on December 8, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Customer Service Course
View
Dynamic Visual Course
View
Dynamic Learning Course
View
Akihabara Course
Explore all templates
Transcript
sEcuritY, SHARING, maintenaBILITY AND governance
Start
SUmmary
Chapter 3
Will be discussed during this chapter :
OVERVIEW
By the end of this module, you will be able to :
GOAL 1
GOAL 2
Setup your RLS, deploy correctly your report and share it safely.
Understand the security and governance purposes of Power BI.
RLS
(Row-levels-Security)
RLS - Introduction
Row-Level Security (RLS) is still a little-known concept, yet it represents an effective way to optimize your model, secure data, and personalize reports, when used correctly. This is also something we track in a dedicated report shared with our citizens. Using RLS is therefore a best practice that we strongly recommend.Purpose: Restrict access to data based on defined roles. This restriction applies at the row level. It is defined in the semantic model.
Main benefits of using RLS
Confidentiality
Personalization
Centralization
Filters displayed data according to the user’s role and scope of action
A single report for multiple end users with different access levels
Displays only the data relevant to the end user
rls - static vs dynamic
Static RLS
Dynamic RLS
Filters adapt in real time when the user logs in.
Strict and fixed rules defined manually
Useful for managing dynamic access using first and last names. Ideal for teams or organizations structured hierarchically. Utilization of a model table to manage access and rights.
Useful for simple, predefined filters over time. Example: A person in a specific factory will only have access to data within their scope.
Complex to implement, requires advanced DAX modeling.
Requires manual updates when changes occur.
Example
STATIC RLS - Implementation
'Manage Roles' Menu
Creation of a role, selection of a table and definition of a filter rule.
The ‘View As’ menu allows you to test RLS and verify that the rule works correctly, ensuring that the selected role only sees the data they are allowed to access.
Once the model is published, you must assign each user to the appropriate role.
dynamic RLS - Implementation
'Manage Roles' Menu
Use of the 'Switch to DAX editor' menu and use of functions such as USERNAME() and USERPRINCIPALNAME()
The ‘View As’ menu allows you to test RLS and verify that the rule works correctly, ensuring that the selected role only sees the data they are allowed to access.
RLS - Good practiceS
As with any Power BI development, it is essential to follow RLS best practices to maintain confidentiality, governance, and security.Let’s review the five best practices we recommend applying (hover over the illustrations below to display the related text):
RLS Quiz
RLS Quiz
RLS Quiz
RLS Quiz
Applications
applications - Introduction
Power BI apps are packages that allow to regroup several reports and dashboards at the same place. Power BI apps combine multiple dashboards and datasets into a single, organized experience. It is a feature that you will find only on Power BI service.
Key benefits of using applications
Control
Better UX
Security
Simplified access control as you can defined the use access at the application level. We'll describe audiences just after.
Controlled updates → Changes for end-users are made whenever you choose.
Simplified navigation and user experience → Centralization of multiple reports in one place.
applications - Audiences
Audiences in Power BI describe the people that have access to your application. Concretely, this is where you can set up all the sharing rules you want. By creating different audiences on applications, it's possible for you from a single application to hide some pages for some audiences and so to centralize your content with simple sharing and strong security and confidentiality.
Key things to know
Main steps
Key benefits of audiences
Centralization
Security
Confidentiality
All content is managed within a single app, reducing duplication and simplifying maintenance.
Audiences ensure that users only see the content relevant to their role, minimizing the risk of unauthorized access.
Sensitive reports or datasets can be restricted to specific audiences, protecting confidential business information.
applications - good practices
When sharing a report to another developer, between citizen ->
Use of workspaces.
When sharing a report with a final user ->
Always use applications.
Always define permissions at a report-level instead of the workspace-level. Definition of clear roles.
Security & governance ->
Use dedicated datasets organized by subject areas and scopes to simplify navigation and strengthen governance.
Centralization & organization ->
Always publish the application only after performing several checks to avoid creating multiple versions. Ensure proper documentation of the application.
Maintenance & Updates ->
Send notifications when update are done to keep informed the final users.
Communication ->
Applications Quiz
pipelines & parameters
Project Development in Power BI
environments
Hover each square below to have more information on each environment.
Publish
DEV
PRD
INT
Technical tests
Business tests
PARameters - power bi desktop
Parameters in Power BI Desktop allow you to make your queries dynamic. By dynamic, we mean that, instead of coding each time the parameters (database, server, role, etc.) you define flexible inputs that can be changed automatically. It gives flexibility by having your desktop file that represents the DEV file and then you can just run the pipeline to have data from INT and PRD environments.
Power Query Editor -> Manager Parameters -> New Parameter -> Define Name/Type/Current Value
pipelines - Introduction
A pipeline is an automated process consisting of various successive tasks. In our case, pipelines allow publishing and deploying a report securely across different work environments (DEV, INT, PRD). This deployment pipeline relies on parameters (as seen earlier) that identify the tables used and adapt them accordingly.
Main benefits of using pipelines
Automated Deployment
Flexibility & Reusability
Governance
Allow you to move content across environments without manual republishing, reducing human error
Ensures consistency between environments and makes it easier to track changes thanks to the history
Allow you to switch environments/datasources/values dynamically
pipelines utilisation - Power bi service
Pipeline schema INT - PRD
pipeline and parameters - defining rules
parameters & pipelines - Good practices
Hover over the four best practices below to discover what we expect you to implement when using pipelines and parameters.
Remember : best pracices are useful to debug, maintain and optimize all your development.
Parameters & Pipelines Quiz
Parameters & Pipelines Quiz
Parameters & Pipelines Quiz
Parameters & Pipelines Quiz
To go further....
building a data catalog in power bi service
tags in Power bi service
Once your semantic models and reports are published on Power BI Service, it is considered a best practice to apply tags to them.Among the tags available, you will find:
How to do it ?
1- Go to the settings page of your dataset or report.
Key benefits of using tags
2- Open the Tags menu and apply the tag that corresponds.
Organization
Security
Facilitates the identification of models and reports through clear categorization.
Helps create a Power BI catalog with all corresponding metadata.
Description in Power bi service
When building your report, it is a best practice to add descriptions to everything: Power Query steps, measures, columns, and tables.It is also a recommended practice on Power BI Service, both for datasets and reports.
How to do it on Power BI Service?
Where to add these descriptions:Measures ---> Power BI Desktop Columns ---> Power BI Desktop Reports ---> Power BI Service Datasets ---> Power BI Service
1- Go to the settings page of your dataset or report.
2- Open the 'Semantic model description' menu and write the description.
Semantic Model
Key benefits of using descriptions
Understanding / Scalability
Governance
Prioritization
Governance
Makes maintenance and governance easier, since the purpose of each object is clearly defined.
Helps with prioritization, as documented assets are easier to evaluate and manage.
Improves understanding of the report, dataset, and underlying data, which increases scalability.
Write your description here
Report
Write your description here
tags and descriptions benefits
Key benefits of using tags & descriptions
Data Catalog
AI Utilization
AI is becoming increasingly present across the Microsoft ecosystem. Providing more documentation about our data, through descriptions, helps AI models better understand business logic, which in turn allows them to support us more effectively in various challenges.
As presented in the previous module, we have an Object that includes a dedicated data catalog. This catalog is based on Power BI metadata. By applying tags, we increase the level of detail available in the lineage and search processes.
The end
Now that you’ve learned how to configure parameters, publish correctly to the Power BI Service, and set up RLS to share your report, it’s time to put your knowledge into practice. Go ahead and apply what you’ve learned by creating your own application and implementing security rules to ensure clean and controlled access to data. Practice makes you better : don’t hesitate to revisit this module whenever needed.
Click here to exit the genially
Parameters defined in Power BI Desktop (in Power Query or when filling out the template we provided to you)
Transformations done by the pipeline to convert parameters to PRD.