question

KM-3481 avatar image
0 Votes"
KM-3481 asked CarrinWu-MSFT commented

Analysis Service tabular custom security requirement

Hi there,

I have special requirement on Analysis Service 2019 Tabular model security. Can someone help with idea on how to do or DAX

In SSAS Tabular model has below 2 x tables:

TICKET
132470-image.png

PERSON
132508-image.png

When person user login to Analysis service tabular model 2019 to browse the data:

CASE WHEN PersonRole= Staff AND SensitiveFlag = 1 THEN Description to replace with NULL
CASE WHEN PersonRole= Head AND SensitiveFlag = 1 THEN Description then show Description column value
CASE WHEN PersonRole= Staff AND SensitiveFlag = 0 THEN Description then show Description column value
CASE WHEN PersonRole= Head AND SensitiveFlag = 0 THEN Description then show Description column value


e.g. When PUID01 login to SSAS tabular model and drag-n-drop Description column then that user must see value from this column regardless of SensitiveFlag value.
e.g. When PUID03 login to SSAS tabular model and drag-n-drop Description column then that user must see value from this column where SensitiveFlag is zero i.e. T899 BUT see NULL value for SensitiveFlag is 1 i.e. T567

Yes Person.PersonUserID is same value as user login id to match.

Any idea please.

Many .Thanks



sql-server-analysis-services
image.png (3.1 KiB)
image.png (4.5 KiB)
image.png (6.4 KiB)
image.png (3.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @KM-3481, we have not get a reply from you. Could below answers help you? If yes, please do "Accept Answer". By doing so, it will benefit for community members who have this similar issue. Your contribution is highly appreciated. Thank you!

0 Votes 0 ·
CarrinWu-MSFT avatar image
0 Votes"
CarrinWu-MSFT answered

Hi @KM-3481,

Thank you for your posting.

You could try to implement dynamic security by using row filters. It is provides row-level security based on the user name or login id of the user currently logged on. For more information, please refer to Supplemental Lesson - Implement Dynamic Security by Using Row Filters.


Best regards,
Carrin


If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AlexeiStoyanovsky avatar image
0 Votes"
AlexeiStoyanovsky answered

Tabular doesn't support masking, RLS operates on the whole row. You can work around this by moving your sensitive field, description, to a separate table, and setting RLS on it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.