Overview
DEPLOYING IN TYGRAPH ONLINE
One of the great advantages of RLS reports presented in tyGraph Online is the ability to automatically show users a subset of data. For example, a Yammer Admin can be shown only the data for Communities that they administer. We do this using a pre-defined role with Row Level Security (RLS).
DEPLOYING IN YOUR POWER BI SERVICE
Organizations that cannot access tyGraph Online can take advantage of Power BI Apps to create the same effect. This app will be created on your tenant and requires additional management which we will outline below.
Also feel free to refer to the Microsoft Documentation which you can find here: https://docs.microsoft.com/en-us/power-bi/service-create-distribute-apps#licenses-for-apps
Requirements
To create or update an app, you need a Power BI Pro license. For app consumers, there are two options.
- Option 1: The workspace for this app is not in a Power BI Premium capacity: All business users need Power BI Pro licenses to view your app.
- Option 2: The workspace for this app is in a Power BI Premium capacity: Business users without Power BI Pro licenses in your organization can view app content. However, they can't copy the reports, or create reports based on the underlying datasets. Read What is Power BI Premium? for details.
https://docs.microsoft.com/en-us/power-bi/service-create-distribute-apps#licenses-for-apps
Workspace Setup
Creating this Power BI App will include 3 major steps:
- Establish workspace
- Load RLS PBIX File
- Publish Organizational App
Create Workspace
Please refer to Microsoft on how to create a workspace if you don't have one created already. We also don't recommend that you add the model to a Template App Workspace that came with the store.
Load Model File
- Download the RLS model file you would like. Download pages below.
  - tyGraph Pulse: tyGraph Pulse - RLS : Support
  - tyGraph for Teams: tyGraph for Teams - RLS : Support
  - tyGraph for Viva Engage: tyGraph for Viva Engage - RLS
  - tyGraph for SharePoint: tyGraph for SharePoint - RLS : Support
- Select your workspace
- While still in the workspace, select Upload -> Browse
- Select the designated file and click open.
Creating Your App
Below is a summary of installing an app to get you running quickly. For a detailed explanation please see the Microsoft documentation here: https://docs.microsoft.com/en-us/power-bi/service-create-distribute-apps
1. Select the workspace
2. Open the report pane
3. Enable the uploaded report in the “Included in App” toggle. By default all of your reports will be included in your app. This is why it is good to keep the reports for the app in their own workspace for simplicity.
4. Click “Create App”
5. In the Details pane enter a description for the app and configure the App theme and contact information as desired.
6. Open the content tab and select “+Add content”. Then select the RLS report from the workspace.
7. Select the Audience tab, check the box to “install the app automatically” for users who have been given permission
8. In the permissions section, be sure to only allow permission to “Specific individuals or group”
9. You can verify the dashboards, reports, workbooks, and datasets that will be included in the app by viewing the totals next to each icon
10. Once finished, press Finish
Provisioning a Premium Capacity Workspace
If your organization does not have a premium capacity, you will need to provision one in your Azure tenant. For a detailed guide on creating this workspace please see this Microsoft page.
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-premium-purchase
1. Once you have your premium capacity provisioned, open your Workspace tile in Power BI.
2. Create a new workspace
3. Name the new workspace
4. Set the workspace to Private
   - If you set the workspace to public then any users with a Pro license will be able to view the report loaded into this group regardless of any security roles that you have employed.
5. Set the workspace so that members can only view the Power BI content
6. Add any other admins that will be managing the workspace. As noted in step 4, any users added to the workspace will be exempt from RLS roles.
7. Enable dedicated capacity
8. Select the dedicated capacity workspace of your choice
9. Save your changes
Maintaining Access
Maintaining a Power BI app requires that a user, team or application manages its users. This is done by adding and removing users (or a distribution group*) in both the role and the permissions. If you are adding Group Admins, for example, you must add them to the security role first and then add the user in the app permissions section.
*You can use distribution groups to control both security groups and RLS role access.
https://docs.microsoft.com/en-us/power-bi/admin/service-admin-rls#add-members
Set up Security Group
This will make everything easier.
Adding a User
- Scroll down the premium workspace to the datasets section
- Open the dataset options panel by clicking the ellipsis next to the dataset
- Select the “Security” option
- Select the security role. There will almost always just be one role shown here
- Enter the email address of the new user
- Click Add
- Save your changes
- Navigate back to the workspace.
- Select update app.
- Go to the permissions section
- Add your users to the app.
- A popular option is to ensure “Install App Automatically” is enabled. If it is greyed out then this option has been disabled by your Power BI administrator.
- Click update app.
Removing a User
- Go to your workspace.
- Select “Update App”
- Navigate to the permissions header.
- Remove users.
- Select Update app.
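The role-first, then app-permissions bookkeeping described under Maintaining Access, together with the RLS exemption for workspace users, can be checked by reconciling the three lists. This is an added example, not part of the tyGraph or Microsoft documentation; it assumes the role members, app audience and workspace users have been copied out of the Power BI service by hand, and every address, group and function name in it is constructed.

```python
# Added example: reconcile the three access lists this page manages by hand.
# All names, addresses and groups below are constructed sample data.

def expand(principals, groups):
    """Resolve users and distribution groups to a set of lower-cased user emails."""
    resolved, seen = set(), set()
    stack = [p.strip().lower() for p in principals]
    while stack:
        p = stack.pop()
        if p in seen:
            continue  # guards against groups that contain each other
        seen.add(p)
        if p in groups:
            stack.extend(m.strip().lower() for m in groups[p])
        else:
            resolved.add(p)
    return resolved

def audit_access(rls_role, app_audience, workspace_users, approved_admins, groups):
    groups = {name.lower(): members for name, members in groups.items()}
    role = expand(rls_role, groups)
    app = expand(app_audience, groups)
    workspace = expand(workspace_users, groups)
    admins = expand(approved_admins, groups)
    return {
        # Granted the app without the security role (the page requires the role first).
        "app_without_role": sorted(app - role),
        # In the security role but never added to the app permissions.
        "role_without_app": sorted(role - app),
        # Workspace users are exempt from RLS roles; flag anyone beyond the approved admins.
        "unexpected_rls_exempt": sorted(workspace - admins),
    }

GROUPS = {"community-admins@contoso.example": ["Ana@contoso.example", "bo@contoso.example"]}
REPORT = audit_access(
    rls_role=["community-admins@contoso.example", "cy@contoso.example"],
    app_audience=["ana@contoso.example", "bo@contoso.example", "dee@contoso.example"],
    workspace_users=["owner@contoso.example", "eli@contoso.example"],
    approved_admins=["owner@contoso.example"],
    groups=GROUPS,
)

if __name__ == "__main__":
    for finding, users in REPORT.items():
        print(f"{finding}: {', '.join(users) or 'none'}")
```

Any entry under unexpected_rls_exempt is the finding to act on first, since that user sees the report without the role filter applied.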
End User Experience
If you enabled automatic install during app creation, then users will be able to see the application by simply opening the “Apps” pane in Power BI. (See Creating Your App, #7, and Adding a User.)
If read only has been enabled for the user, they will be able to view the report and use all items in the filters pane. The user will not be able to edit the report layout or save any filter changes.