PowerBI 实现动态权限管理
1.前置条件数据准备
1.1 创建表:
CREATE TABLE `user_permissions_test` (
`city_name` varchar(20) COMMENT '城市名称',
`user_name` varchar(20) COMMENT '用户名称'
) ENGINE=InnoDB AUTO_INCREMENT=8915 DEFAULT CHARSET=utf8 COMMENT='用户城市权限’;1.2 倒入数据
insert into user_permissions_test values("长沙市","[email protected]");
insert into user_permissions_test values("苏州市","[email protected]");
insert into user_permissions_test values("南宁市","[email protected]");
insert into user_permissions_test values("济南市","[email protected]");
insert into user_permissions_test values("厦门市","[email protected]");
insert into user_permissions_test values("天津市","[email protected]");
insert into user_permissions_test values("郑州市","[email protected]");
insert into user_permissions_test values("保定市","[email protected]");
insert into user_permissions_test values("德州市","[email protected]");
insert into user_permissions_test values("惠州市","[email protected]" );
insert into user_permissions_test values("福州市","[email protected]");
insert into user_permissions_test values("深圳市","[email protected]");
insert into user_permissions_test values("芜湖市","[email protected]");
insert into user_permissions_test values("成都市","[email protected]");
insert into user_permissions_test values("淮安市","[email protected]");
insert into user_permissions_test values("武汉市","[email protected]");
insert into user_permissions_test values("西安市","[email protected]");
insert into user_permissions_test values("合肥市","[email protected]");
insert into user_permissions_test values("昆明市","[email protected]");
insert into user_permissions_test values("沈阳市","[email protected]");
insert into user_permissions_test values("广州市","[email protected]");
insert into user_permissions_test values("哈尔滨市","[email protected]");
insert into user_permissions_test values("上海市","[email protected]");
insert into user_permissions_test values("北京市","[email protected]");
insert into user_permissions_test values("咸阳市","[email protected]");
insert into user_permissions_test values("泉州市","[email protected]");
insert into user_permissions_test values("青岛市","[email protected]");
insert into user_permissions_test values("扬州市","[email protected]");
insert into user_permissions_test values("湖州市","[email protected]");
insert into user_permissions_test values("宁波市","[email protected]");
insert into user_permissions_test values("南京市","[email protected]");
insert into user_permissions_test values("绍兴市","[email protected]");
insert into user_permissions_test values("温州市","[email protected]");
insert into user_permissions_test values("佛山市","[email protected]");
insert into user_permissions_test values("长春市","[email protected]");
insert into user_permissions_test values("双鸭市","[email protected]");
insert into user_permissions_test values("南通市","[email protected]");
insert into user_permissions_test values("廊坊市","[email protected]");
insert into user_permissions_test values("常州市","[email protected]");
insert into user_permissions_test values("蚌埠市","[email protected]");
1.3 将数据同步到powerBI中
SELECT
city_name AS "城市名称",
user_name AS "用户名称"
FROM user_permissions_test;
2.PowerBI实现动态权限控制的几种方案与建议
2.1 PowerBI 中行级别安全性的静态设置
这种方案的缺点是在本地会进行大量的开发并且当某一个用户的权限发生改变,我们需要在powerbi desktop 和powerbi service端重新设置,所以改方案不建议使用。
具体实现案例:https://download.csdn.net/download/luomingkui1109/11285748
2.2 用 USERNAME() 实现动态安全性设置
这种方案的的的核心实现思想是在desktop中通过username() 动态获取当前登陆用户,具体实现步骤如下:
2.2.1 前置条件:
我们需要数据应用端最少提供如下数据(登陆当前PowerBIService端的用户邮箱,用户拥有那些城市的权限),我们同步到powerBI Desktop中。示例如下:
2.2.2 我们在powerbi中建立好映射关系,在管理角色中新建角色名,通过usernae函数或许当前登陆用户,具体实现如下:
2.2.3 将开发好的功能上传到powerBIservice端,并进行行级别安全性的设置,具体设置如下:
2.2.4 然后在powerbi service端就可以看到自己所属区域了
实现案例:https://download.csdn.net/download/luomingkui1109/11285748
2.3 由权限控制表来动态控制 PowerBI 权限
该方案和上面不同的是powerbi desktop通过脚本实现动态权限控制,还是需要在管理角色中进行设置。其它的都一致。
是否拥有城市权限城市 =
VAR AccessItemName = SELECTEDVALUE('用户城市权限'[城市名称])
VAR AccessItemType = "西安市"
VAR CurrentUserAccessTable = FILTER('用户城市权限','用户城市权限'[用户名称] = USERNAME() && '用户城市权限'[城市名称] = AccessItemType)
VAR CurrentUserAccessItems = CALCULATETABLE(VALUES('用户城市权限'[城市名称]),CurrentUserAccessTable)
RETURN AccessItemName IN CurrentUserAccessItems
实现案例:https://download.csdn.net/download/luomingkui1109/11285748
2.4 综上所属:
我们目前可行的是方案2或者方案3,优点是不用在客户端进行大量的开发和设置,但目前存在如下不足,值得我们去思考和权衡:
1.每注册一个用户,我们需要在powerBI Service端进行权限配置设置,比较麻烦;
2.如果有人专门做上面的工作,现在我们在数据仓库中每天刷新一次数据,新注册的用户数据不能实时同步到数据仓库,导致用户当天无法查看数据(需要数据仓库重新设置刷新数据机制)
3.如果数据同步到数据仓库,在PoserBI Serviec端也有定时刷新计划,我们需要更快频率的刷新数据。
3.主要使用到的函数
使用函数:USERNAME() 和USERPRINCIPALNAME()
角色名:right_conrtl
函数使用方法:[登录用户] = username()
4.参考资料:
https://docs.microsoft.com/en-us/previous-versions/sql/sql-server-2012/hh230954(v=sql.110)
https://docs.microsoft.com/zh-cn/power-bi/service-admin-rls
https://blog.csdn.net/jessica_seiya/article/details/85264478
http://www.360doc.com/content/18/0725/04/19639053_773006270.shtml
http://www.360doc.com/content/18/0725/04/19639053_773006144.shtml