The goal of this post is to help you get started with implementing dynamic security with row filters in Tabular Models (BI Semantic Model).

Scenario:

Business users connect to a Tabular Model via Excel for Data Analysis purposes. One of their common task is to analyze Countries vs. Total Margin:

Countries-vs-Total-Margin-in-Tabular-Models

But the business requirements dictate that the data should be restricted by the Sales region to which they belong. For example, a Sales Manager from Europe can see data about France, Germany and United Kingdom. To meet this requirement, you’ll have to implement Dynamic Security in Tabular Models.

Here’s how you get started:

1) Open Tabular Model in SSDT (SQL Server Data Tools)
2) Toolbar > Model > Roles

Roles-in-Tabular-Model

3) Role Manager > NEW > change Name to Europe and Permissions to Read
4) Under the Row Filters, for the Geography Table, enter the following code:

=[Country Region Name]=”France” ||  [Country Region Name]=”Germany” || [Country Region Name]=”United Kingdom”

How to edit code for your scenario?

Change the [country region name] to your column(s) and also change the values:

Editing-the-code-of-my-scenario-with-the-Role-Manager

5) Click OK

Now let’s test this role:

6) Toolbar > Model > Analyze in Excel
7) Select the role Europe

Analyze-in-Excel

8) Click OK
9) From Pivot Table, select Margin & Countries:

France-Germany-And-UK-Total-Margin-with-Excel

10) As you can see, since the role Europe was selected for testing purpose in step 7 – ONLY France, Germany and UK data is shown in our test! This means that our row filters are working.
11) You’ll have to setup more roles (based on your security requirements) as shown in steps 1-4 of this post. And after you’ve setup roles, you can add windows users to these roles.
Note: Do not use perspectives as security mechanisms because that’s not what they are meant for.
I hope this tutorial helps you get started on implementing dynamic security in Tabular models.