This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Choose the best response for each of the questions below.
A data modeler needs to ensure that sales managers see only the sales data for their assigned region. The modeler wants a scalable solution that doesn't require model changes when managers change regions. Which approach should the data modeler use?
Create a static RLS rule for each region and assign managers to the appropriate role.
Create a dynamic RLS rule using USERPRINCIPALNAME() with a security table that maps managers to regions.
Use object-level security to hide regions that each manager shouldn't access.
An organization's semantic model contains an Employee table with a Salary column. General managers need access to the Employee table for contact information, but only HR staff should see salary values. Which security feature should the data modeler configure?
Row-level security to filter salary rows.
Object-level security to restrict the Salary column.
Remove the Salary column from the semantic model and create a separate model for HR.
A data modeler configured RLS on a semantic model and published it to the Power BI service. A Viewer reports that they can see all data instead of just their region's data. What is the most likely cause?
The RLS filter expression contains a syntax error.
The user hasn't been assigned to an RLS role in the Power BI service.
The semantic model uses DirectQuery instead of import mode.
A data modeler needs to test whether RLS correctly filters data before publishing the semantic model to the Power BI service. How should the data modeler verify the security configuration?
Use the View as feature on the Modeling tab in Power BI Desktop to preview data as a specific role.
Publish the model and ask each user to verify their data access.
Review the DAX filter expressions for syntax errors in the formula bar.
A data modeler is deciding how to assign users to RLS roles for a semantic model used by 200 sales representatives across five regions. What is the recommended approach for managing role membership?
Add each sales representative individually to the appropriate regional role.
Map Microsoft Entra security groups to roles, with one security group per region.
Create a Microsoft 365 group for each region and assign the groups to roles.
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?