This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 46%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
I have a typical fact table with dimensions Project, Profit Center, etc
In a report, I have a table visual that shows individual numbers; and another table shows the department numbers…
It looks something like this:
][2]
(Left: personal numbers. Right: department numbers)
My goal is that Tim shouldn’t be able to see someone else’s number, but he definitely can (and should) see the aggregated numbers for his department.
I realized that someone accessing from PowerBI or excel can connect to the model and play with the tables, pick another name and see someone else’s number, therefore I have hidden most tables...
But now, I just realized, someone with access can connect from Visual Studio to the SSAS:
The person can open the .bim, unhide all tables, and with the “analyze from excel” option in VS see any numbers…
Is there any way to avoid/prevent this?
More info:
My model:
(Project table has columns Lead1,Lead2,Lead3,Lead4,Lead5 and Lead6… Engagement Role is just an unpivot of this).
On my left visual I have:
(triggering a more restrictive access).
My RLS:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 95%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
It's not tabular model security if it can be bypassed by connecting an unrestricted client application, excel or otherwise. Note that it requires administrator permission to the model for such bypass to happen at all.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @ovonemty
Maybe you can try creating roles and giving them the appropriate permissions to manage them.
You can refer to this link to try it.manage-roles-by-using-ssms-ssas-tabular
Best regards,
Percy Tang
----------
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.