Skip to main content
insightsoftware Documentation insightsoftware Documentation
{%article.title%}
Published:
Was this article helpful?
0 out of 0 found this helpful

Secured insights via Power BI Service

To secure OCA reports in Power BI desktop and service, you must configure the Simba Gateway as a custom connector to the Power BI (PBI) service using the On-premises Data Gateway provided by PBI. The custom connector for Simba works as a bridge between PBI service and the Simba Gateway.

Simba Gateway requires no further configurations to function by default in PBI Desktop reports; however, it must be installed on the same computer where reports are used in PBI Desktop. You cannot share the reports with other users for RLS because Simba uses the current session users' credentials.

To secure OCA reports in the PBI service

  1. Create a new data model for a user mappings table in the report in addition to the main data models of a report. An additional security information view data model is included, which is in a hidden state by default and establishes a many-to-many relationship with the main view object model on the security context Org column, as shown in the following image:

    In this example, OCA_AP_CHECKS is the main data model of the report, and SecurityInfo caters to data security.

  2. In the case of multi-view reports, define an object model for each view, and only the main-driven view on which the report is created is related to the security information object model.

  3. To achieve row-level security (RLS) for the shared users appropriately, the administrator who has access to all organizations must publish and distribute the report to users via the PBI service. RLS is enforced on the data that is accessible by the user who publishes the report.

  4. Before publishing the reports via the PBI service, ensure that you perform the following:

    Note: The following steps are a one-time activity that you don't need to perform every time you publish a report

    1. Download and install the On-premises Data Gateway of Power BI

    2. After the gateway is installed and configured, change the default service account NT SERVICE\PBIEgwService to the windows signed-in user account.

    3. In the connectors section, add the location of the custom connector file for Simba Gateway. With Simba gateway installation, the custom connector file (SimbaGateway.pqx) is usually placed in a location similar to the following:

      C:\Users\sakkaldevi\Documents\Power BI Desktop\Custom Connectors

    4. After pointing the location, the Simba gateway loads as an on-premise custom connector, acting as a barrier for the PBI service to enable Simba as a custom connector. You can now see On-premise Gateway on the PBI service (in the Manage connections and gateways tab).

    5. Go to PBI Service > Settings > Manage Connections and Gateways. In the on-premises data gateway section, select the Enable using custom connectors with this cluster option. You can now view your custom connectors as available data source connections that can be added to the gateway cluster.

  5. Publish the report from the PBI desktop to the PBI service in the appropriate workspace. After publishing a report, the admin must add users to the role via dataset security and share the report, allowing shared users to view only RLS-applied data.

  6. Go to the report dataset settings, choose the gateway, and add a connection for the report data source with Simba connection profile details.

  7. Add required users to the following and then share the report:

    • Dataset security for the role created on the report

    • Dataset manage permissions list

  8. The shared user will now get only RLS-applied data as per the ACLS assigned in Hub.

Note :

  • In PBI service, the current signed in username is the email with which we have signed into the PBI Service.

  • In PBI Desktop while viewing data as a role, the current signed in user name is the email with which we have signed into the PBI Desktop.

  • In PBI Desktop while viewing data without role, the current signed-in user is the Simba Gateway signed-in user.

Published:

Secured insights via Power BI Service

To secure OCA reports in Power BI desktop and service, you must configure the Simba Gateway as a custom connector to the Power BI (PBI) service using the On-premises Data Gateway provided by PBI. The custom connector for Simba works as a bridge between PBI service and the Simba Gateway.

Simba Gateway requires no further configurations to function by default in PBI Desktop reports; however, it must be installed on the same computer where reports are used in PBI Desktop. You cannot share the reports with other users for RLS because Simba uses the current session users' credentials.

To secure OCA reports in the PBI service

  1. Create a new data model for a user mappings table in the report in addition to the main data models of a report. An additional security information view data model is included, which is in a hidden state by default and establishes a many-to-many relationship with the main view object model on the security context Org column, as shown in the following image:

    In this example, OCA_AP_CHECKS is the main data model of the report, and SecurityInfo caters to data security.

  2. In the case of multi-view reports, define an object model for each view, and only the main-driven view on which the report is created is related to the security information object model.

  3. To achieve row-level security (RLS) for the shared users appropriately, the administrator who has access to all organizations must publish and distribute the report to users via the PBI service. RLS is enforced on the data that is accessible by the user who publishes the report.

  4. Before publishing the reports via the PBI service, ensure that you perform the following:

    Note: The following steps are a one-time activity that you don't need to perform every time you publish a report

    1. Download and install the On-premises Data Gateway of Power BI

    2. After the gateway is installed and configured, change the default service account NT SERVICE\PBIEgwService to the windows signed-in user account.

    3. In the connectors section, add the location of the custom connector file for Simba Gateway. With Simba gateway installation, the custom connector file (SimbaGateway.pqx) is usually placed in a location similar to the following:

      C:\Users\sakkaldevi\Documents\Power BI Desktop\Custom Connectors

    4. After pointing the location, the Simba gateway loads as an on-premise custom connector, acting as a barrier for the PBI service to enable Simba as a custom connector. You can now see On-premise Gateway on the PBI service (in the Manage connections and gateways tab).

    5. Go to PBI Service > Settings > Manage Connections and Gateways. In the on-premises data gateway section, select the Enable using custom connectors with this cluster option. You can now view your custom connectors as available data source connections that can be added to the gateway cluster.

  5. Publish the report from the PBI desktop to the PBI service in the appropriate workspace. After publishing a report, the admin must add users to the role via dataset security and share the report, allowing shared users to view only RLS-applied data.

  6. Go to the report dataset settings, choose the gateway, and add a connection for the report data source with Simba connection profile details.

  7. Add required users to the following and then share the report:

    • Dataset security for the role created on the report

    • Dataset manage permissions list

  8. The shared user will now get only RLS-applied data as per the ACLS assigned in Hub.

Note :

  • In PBI service, the current signed in username is the email with which we have signed into the PBI Service.

  • In PBI Desktop while viewing data as a role, the current signed in user name is the email with which we have signed into the PBI Desktop.

  • In PBI Desktop while viewing data without role, the current signed-in user is the Simba Gateway signed-in user.

For an optimal Community experience, Please view on Desktop
Powered by Zendesk