How do I configure Power BI row-level security RLS with Azure Active Directory Groups

Question

How do I configure Power BI row-level security (RLS) with Azure Active Directory Groups?
I need to implement row-level security (RLS) in Power BI to restrict data access based on user roles defined in Azure Active Directory (AAD) Groups. The goal is to dynamically filter data based on the logged-in user's group membership. What is the best way to configure and manage RLS using AAD groups while ensuring scalability and security?

score 0 · Answer 1 · 1 day

To configure Power BI Row-Level Security (RLS) with Azure Active Directory (AAD) Groups, follow these steps:

Define RLS Roles in Power BI: In Power BI Desktop, create roles under Modeling > Manage Roles, using DAX expressions like:

[UserPrincipalName] = USERPRINCIPALNAME()

This ensures that filtering is applied on the basis of the signed-in user.

Assign AAD Groups in Power BI Service: Publish the report to Power BI Service, navigate to Dataset > Security, and assign AAD security groups to the RLS roles. This way, users' manual assignments are avoided, and the method is scalable.

Validate and Test RLS: The View as Role feature in Power BI Desktop simulates access for different users. Test security settings in Power BI Service for other users in different AAD groups.