RBAC for Power BI accessing data held in the Azure Data Lake Gen2

Matthew Scott 1 Reputation point
2021-10-05T09:51:33.213+00:00

Is it possible to enforce RBAC for Power BI accessing Azure Data Lake Storage Gen2? Ideally we would like to enforce table level, row level and column level RBAC to data held within our Azure Data Lake Storage Gen2.

I have researched and found some information using Azure Data Lake Storage Gen2, Delta Lake, Delta Engine, SQL Analytics and possibly Power BI. But the examples lacked details about the role of SQL Analytics and how that interacted with Power BI.

Azure Data Lake Analytics

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. PRADEEPCHEEKATLA-MSFT 78,576 Reputation points Microsoft Employee
    2021-10-06T07:12:45.267+00:00

    Hello @Matthew Scott ,

    Welcome to the Microsoft Q&A platform.

    Is it possible to enforce RBAC for Power BI accessing Azure Data Lake Storage Gen2?

    You need to grant one of the following roles for the storage account: Blob Data Reader, Blob Data Contributor, or Blob Data Owner.

    For more details, refer to Analyze data in Azure Data Lake Storage Gen2 by using Power BI.

    Ideally we would like to enforce table level, row level and column level RBAC to data held within our Azure Data Lake Storage Gen2.

    Azure Data Lake Gen2 has limited data security (no row-level, column-level, dynamic data masking, etc) and the difficulty in accessing it compared to accessing a relational database.

    Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics supports Row-Level Security, Column-level security and dynamic data masking.

    Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs).

    This article describes access control lists in Data Lake Storage Gen2. To learn about how to incorporate Azure RBAC together with ACLs, and how system evaluates them to make authorization decisions, see Access control model in Azure Data Lake Storage Gen2.

    For more details refer the below articles:

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators