Row-Level Security Groups


Managing Power BI Datasets
Data Gateway
3m 56s

The course is part of this learning path

Start course

Typically the life cycle of a Power BI dataset doesn't end with publishing. This course looks at managing Power BI datasets after they have been deployed. More often than not, the source data changes regularly, so we look at updating functionality available within the Power BI service and other cloud-based methods for keeping your data fresh. Not all source data is cloud-based and readily accessible to the Power BI service, so we'll see how to use data gateways to access on-premises data, which ironically also includes data residing on cloud-hosted virtual machines.

Sometimes you'll need to grant access to datasets beyond just viewing the data. We see how you can permit users and user groups to repurpose a dataset for reports they publish. Row-level security groups are a good way to partition data for different audiences, but assigning domain users to each group can be tedious. You'll see how to assign users to row-level security groups by leveraging Office 365 user group membership. The course finishes by going through the global options in Power BI Desktop to see how to customize the user experience and improve performance.

Learning Objectives

  • Learn how to implement a data gateway to access on-premises data sources
  • Learn to map Office 365 user groups to Power BI row-level security groups
  • Permit other report designers to use a deployed dataset for their own purposes
  • Understand the different options for keeping deployed data fresh
  • Learn about the global file options in Power BI Desktop

Intended Audience

This course is designed for anyone who wants to learn how to manage their Power BI datasets after they have been deployed.


To get the most out of this course, you should be comfortable using Power BI desktop and have some knowledge of publishing reports to



In Power, you can assign Office 365 security groups to roles in addition to users. Setting up roles still has to be done through Power BI Desktop. I've set up three roles related to a branches' region location. Now I'll go over to my Office 365 Admin center. In Active teams and groups, I've set up user-defined groups within Microsoft 365, Distribution list, Mail-enabled, and Security, all prefixed with SAM. In Power, go to the dataset in question, click on more options, and select security. If there are no roles defined in your dataset, you'll get this message about Row-Level Security being defined in Power BI Desktop. The roles you have defined will appear under Row-Level Security, and you add users and groups to those roles here. When I start to type in the add people or groups field, users to add appear as you'd expect. If I start to type SAM, the user groups I defined within Office 365 also appear, except for the group created under Microsoft 365. As I assign users or groups to the roles, the assigned count in brackets next to the roles increase.

About the Author
Learning Paths

Hallam is a software architect with over 20 years experience across a wide range of industries. He began his software career as a  Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.