Microsoft Power BI
    • 11 Dec 2024
    • 2 Minutes to read
    • Dark
      Light
    • PDF

    Microsoft Power BI

    • Dark
      Light
    • PDF

    Article summary

    For SaaS Authorization Management, PlainID offers an Authorizer integration pattern for this third-party vendor. For more information, see SaaS Authorization Management.


    Power BI enables enterprises to create, share and consume business information (BI), providing visual representations of that data. Power BI can create, share and manage cloud-based data sources, granting or denying access permissions based on roles.

    The SaaS Authorization Management feature enables Power BI users to simplify and centralize authorization policies to deliver fine-grained authorization. It provides Policy Management for the Role Level Security (RLS) by filtering tables to determine what each user can access. Also translated are DAX, tables, groups and users. The Policy ID is automatically generated, as is the Policy Name. By default, the Policy access type is Allow.

    The goal of the SaaS Authorization Management flow is to ensure that different authorization and access policies are implemented, enforced and coordinated effectively to achieve the desired security controls while maintaining consistency and avoiding conflicts.

    Power BI Authorizer Workflow

    image.png

    Steps in the Workflow

    Learn Mode

    The Learn Mode begins the process of working with the Power BI Authorizer. The Learn Mode includes defining the integration parameters between the SaaS Authorization Management and Power BI, the Discover process, and the mapping and display the results within the Platform
    .

    1. CONNECT: The first step in integrating the SaaS Authorization Management with Power BI is to define the connection parameters. This is done by creating a Policy Orchestration Point to work with Power BI (see Managing a Power BI Policy Orchestration Point and simply adding the relevant credentials.
    2. DISCOVER and MAP: Once the POP has been created, the Platform will automatically initiate a discovery process. During this process, the Platform identifies the datasets, databases, Roles, RLS, etc. and maps the discovered objects to Policy elements and Building Blocks. For example, included in the discovery and mapping stages is the creation of Asset Templates, Identity Templates, Attributes and more.
    3. DISPLAY: All of the discovered objects are displayed in the Orchestration Workspace (as well as the Identity and Authorization Workspaces) to provide visibility in the Platform for what is being managed by the Power BI Authorizer.

    Manage Mode

    Once the Learn Mode is complete, it is possible to begin using the Power BI Authorizer in Manage Mode. The Manage Mode allows you to begin updating existing Policies, creating new Policies which can then be deployed back to Power BI for enforcement, deleting Policies etc.

    The Manage Mode includes:

    Manage: Creating, update, and delete Policies for Power BI.
    Enforce: Enforce access in Power BI based on managed Polices in the Platform.
    Monitor: Continue ongoing monitoring to identify any changes in the Power BI environment and alert any changes made in the Platform by showing a discrepancy between the Suggested Policy (in the Platform) and the Deployed Policy (in Power BI).

    Mapping Power BI Objects

    During the Discovery Process, the following Power BI objects are mapped to {{variable.PlatformName} objects:

    Power BI ObjectsMapped Platform Object
    RoleDuring the discovery, Roles become Policies, connecting Identities to Assets.
    TableDuring the discovery, tables are translated into Assets.
    DAX*During the discovery, DAX expressions are translated into Rulesets.
    GroupDuring the discovery, groups are transated into Identity Attributes.

    * DAX is the language used to define access filters on the datasets in Power BI.

    For more information, see Power BI Policies and Objects

    image.png


    Was this article helpful?

    What's Next