# Power BI TMDL Security Roles Done Right ## Метаданные - **Канал:** Guy in a Cube - **YouTube:** https://www.youtube.com/watch?v=_M64cir4cqU - **Источник:** https://ekstraktznaniy.ru/video/44576 ## Транскрипт ### Segment 1 (00:00 - 03:00) [] Me, me, me. I dunno why I did that. Yooo, what is up everyone? Today I wanna show you a quick trick for managing your security in your Direct Lake Semantic model. So normally if you want to add a user or a role, you go to the Power BI service, open the Semantic model, click security, and then. Manually add your users to the role, right? That works, but it also means role membership is done in the UI, which makes it harder to automate, harder to version, harder to manage through deployment. Instead, you can manage role membership directly in the model definition. Guess what? Using TMDL. Wow. So you know, all we like to do enough of all this talking. Let's do what? Let's head over to my laptop. So I'm in the service and what you would normally do to manage your roles, you would go here and you create your role. And now right here, you could choose the roles. So let's choose East. And you can see assign, right? I've added Adam here. And then in the role I go, had go to stores and you can see Adam can only see East Region. And so if I wanted to add additional people to this role, I would go to assign and then I would add those people to the role. It's not a bad process, it's just the very manual one. And when I was in Norway, I delivered a workshop Fabric for the Power BI user. And I'll be honest you with, you live in front of the audience. We actually figured this out. And I was like, no way this works. No way. This works. And it actually does. Let me show you what we did was I was in Power BI Desktop and if you have a model created a direct lake semantic model, you can edit it in the web, but you can also desktop. So open up Power BI Desktop. I'm gonna go get my semantic model. Here's the name of my semantic model. You don't just click connect 'cause you'll live connect to it. You click the drop down here and you choose edit. And when you choose, edit the model's here. Okay? And I went over to TMDL and I saw the roles. This is exactly how it happened, I'm telling you. So I went over to roles and I drug it and I was looking, I was like, all right, this is this role. This is how you create one. And I noticed someone here when we were in the service, you saw Adam was part of the East role. And when I drug that into my TMDL view, you could see Adam is part of the east role. And that got me to thinking, I was like, can I add someone else to a role? So let's try. And so what I did was right here. Tabbing is really important. So member, and look at there. Member. And then I thought it's RLS enabled. I think that's the name of it. We'll check. RLS enabled role. So this is a group. I'm testing the group out here, right? And so let's click apply. And boom, look at this. Change is applied to the model. So if we go back to the service and we go to manage roles West and we choose assign, look at there, look, rlsmailenabled group, and it adds it directly from the desktop. And if we do it again, you can do multiple, right? So we can do member, and then we can say, I think it's johndoe@guyinacube. com. So let's try that. Click apply. So I just want to show you a group and a person. So we go back over to the service Manage roles, assign, you see Adam, and then if we go, I think it was West. Assign and then you see John Doe What? And this has a big advantage. You can manage it right there as part of the model definition, and it becomes part of your version control if you wanna do that. Have you tried this? Did you stumble upon this? Like me? I love to know you know what to do. Put some comments where in the comments below, if you wanna learn more about Fabric, or Power BI, it's probably a video flying above my head. And as always, from Marthe, Adam, this guy. Thanks for watching. See you in the next video.