We can all agree that protecting your organization’s sensitive and confidential data, including personally identifiable information (PII), is a crucial obligation. Unfortunately, far too many businesses aren’t sure of the best way to fend off attackers or insider threats, so they often fall victim to devastating data breaches.
Data security options such as user-level security and row-level security help you restrict access to private data, making it less likely that the information will fall into the wrong hands. In this article, we discuss how you can use these levels of security in Microsoft’s Power BI software for compliance with data security regulations.
What is User-Level Security?
The term “user-level security” describes a data security scheme in which access to files, databases, or other resources depends on a user’s identity or group membership.
For example, individual users may each use a separate username and password for accessing a file. These user accounts may also belong to groups based on roles in the organization (e.g., executives or IT personnel). Administrators can specify which individuals or groups should be able to read or edit the file and lock out all users who don’t explicitly require access.
User-level security stands in contrast to other data security methods, such as “share-level security.” Share-level security requires that all users who need access to a resource share the same account and/or password. Share-level security is a poor data security practice since it’s all too easy for the shared password to leak beyond the intended recipients.
What is Row-Level Security?
“Row-level security” is a third option for protecting sensitive data. This level of security gives administrators more fine-grained control over users’ access to data.
Specifically, with row-level security, administrators can control which individual rows or records users or groups can view when accessing a database. This allows users with limited access to view the database and run queries without risking the accidental exposure of sensitive data.
Row-Level Security and Object-Level Security in Power BI
The Microsoft business intelligence ecosystem largely deprecates user-level security in favor of row-level security. For example, Microsoft Access 2007 is the most recent version of the Access database management system with native support for user-level security. (However, you can still deploy user-level security in Access databases that have not been converted from the older .mdb file format.)
Microsoft BI applications such as SQL Server and Power BI now offer row-level security, which is generally more flexible and helpful than user-level security. In addition, Microsoft announced in February 2021 that Power BI would support object-level security, which operates over tables or columns instead of rows.
To manage row-level security in Power BI, go to the Modeling tab in the user interface and click on “Manage roles.” In the pop-up window, click on the “Create” button under the Roles heading and type in a name for the role you want to create. Next, create a DAX expression (data analysis expression) that will define what type of information this role will have access to within the given database or table. For a detailed guide on working with row-level security in Power BI, check out Microsoft’s article here.
Object-level security is a valuable addition to the Power BI data security toolkit. As a hypothetical example of how object-level security works, consider a database table that contains personal data about the students at a specific university:
Certain groups of users, such as other students, should be able to access limited information like a student’s name, major and campus address. In this case, administrators can apply column-level security, ensuring that the columns with this information are available to this group while concealing all other columns.
Other groups of users, such as a student’s parents, should also be able to view and edit additional columns, such as the student’s emergency contact information and home address.
Only the students themselves should be able to access information such as their course enrollment and GPA. Exposing this information to other people — even their parents — would be a FERPA (Family Educational Rights and Privacy Act) violation.
The example above illustrates how you can use row-level, column-level, and table-level security in Power BI and other software for compliance with data security regulations. Laws such as FERPA, HIPAA (Health Insurance Portability and Accountability Act), and GDPR (General Data Protection Regulation) all place strict limits on how organizations can collect, store and process various types of personal data. The security options in Power BI allow you to use PII responsibly while complying with these regulations — supplying data to the people who need access and locking it away from the people who don’t.
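As an added illustration (not taken from Microsoft's documentation or from this article's original text), here are the row-level half of the student scenario written as the DAX filter expressions you would enter per role and per table under “Manage roles.” The table and column names (Students, Guardians, Email, GuardianEmail, StudentID) and the role names are assumptions made up for this example; each expression is pasted separately into the filter box of the table it is labeled with.

```dax
// Added example. Assumed model (hypothetical, not from the article):
//   Students(StudentID, Name, Major, CampusAddress, HomeAddress,
//            EmergencyContact, GPA, Email)
//   Guardians(StudentID, GuardianEmail)   one row per parent/student link

// ---- Role "Student", table filter on Students ----
// A signed-in student sees only the row whose Email matches
// the account they signed in with.
[Email] = USERPRINCIPALNAME()

// ---- Role "Parent", table filter on Students ----
// A parent sees only the students linked to their own sign-in
// address in the Guardians mapping table.
[StudentID]
    IN SELECTCOLUMNS (
        FILTER ( Guardians, Guardians[GuardianEmail] = USERPRINCIPALNAME () ),
        "StudentID", Guardians[StudentID]
    )

// ---- Role "Parent", table filter on Guardians ----
// Keep the mapping table itself from listing other families' links.
[GuardianEmail] = USERPRINCIPALNAME()

// ---- Role "Peer" (other students) ----
// No table filter: every row is visible. What this role may see is
// limited by column, which a row filter cannot express.
```

Row filters alone cannot hide GPA or course enrollment from the Parent role, so that part of the scenario depends on the column-level (object-level) permissions described above. Test each role with “View as” in Power BI Desktop before publishing, using an account that belongs to only one role.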
So what kinds of data should you be concealing with row-level and object-level security in Power BI? The answer to that depends on the type of PII and sensitive data you handle, as well as the laws and regulations that apply to your organization and industry. Here’s a quick overview:
In general, you should grant access to personally identifiable information strictly on a need-to-know basis. PII includes first, middle and last name; age; date and place of birth; gender; race or ethnicity; nationality; phone number and other contact information; and ID numbers (e.g., social security number or passport ID). Regulations such as GDPR and CCPA (California Consumer Privacy Act) govern how organizations can use PII.
Personal health information (PHI) under HIPAA includes details of attendance or treatment; date of death; health conditions; medical and electronic health records; insurance membership or account number; and biometric data.
Protected information under FERPA includes a student’s educational information (e.g., GPA, grades, report cards, transcripts, and course enrollment), as well as any student PII that an educational institution stores.
How Integrate.io Can Help with Data Security
Data security options such as row-level, column-level and table-level security all help ensure that your sensitive Power BI data can get to the right people and remain out of reach to the wrong ones. But what if you want to transfer your data out of Power BI and integrate it with other data sources for reporting and analysis purposes?
Integrate.io can help. The Integrate.io platform is a powerful, feature-rich ETL and data integration tool for building data pipelines from a variety of sources to your data warehouse or data lake in the cloud. With more than 100 pre-built integrations and connectors and a no-code drag-and-drop user interface, Integrate.io makes it simple to integrate your enterprise data while keeping it protected. In particular, Integrate.io uses SSL/TLS encryption and follows IT best practices for network security, system security, and physical security.
Want to learn how Integrate.io can help keep your sensitive and confidential data safe? Reach out to our team of data experts today for a chat about your business goals or to start your 7-day pilot of the Integrate.io platform.