Roles

In roles.yaml we define the roles that can be used in model.yaml. To add users to a role, define them in roles.yaml. Because this can become quite a long list of users, it is advisable to create Entra groups to which those people are added, so that roles.yaml contains only the Entra group.

Besides the specific rights on the model, there are also more general rights on PowerBI.com, such as workspace access and dataset permissions (Build, Write, Admin, etc.).

For the latter, you are advised to use Entra groups as well, but that is outside the scope of Easy Tabular. To develop Power BI reports or connect with Excel, you need to be in such a group.

- Role:
    Name: NoFinance
    Alias: NoFinance
    Description: "Access without finance data"
    Groups:
      - NoFinance@easytabular

In the model.yaml file, this role can be set on a table or a column with the ProhibitedRoles or PermittedRoles key (string array). With ProhibitedRoles defined on a table, the whole table is no longer accessible for that role; with PermittedRoles set, the role has access to the table. The same applies to columns. By default, every role has access (permitted) to all objects in a tabular model.

- Table:
    Name: Finance
    TableType: Fact
    Description: "Fact table with sensitive finance data"
    ProhibitedRoles: [NoFinance]

In this case the whole fact table Finance is not accessible for the role NoFinance.
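
Because the default is permitted, it is worth reviewing the role settings before deployment. The following is an added example, not part of Easy Tabular: the hypothetical function review_roles works on plain dicts standing in for the loaded roles.yaml and model.yaml, and the Salary and Calendar tables and the misspelled role name are constructed sample data.

```python
# Added example: data below is constructed and mirrors what a YAML loader
# would return for the roles.yaml / model.yaml snippets on this page.
ROLES = [
    {"Role": {"Name": "NoFinance", "Alias": "NoFinance",
              "Description": "Access without finance data",
              "Groups": ["NoFinance@easytabular"]}},
]
TABLES = [
    {"Table": {"Name": "Finance", "TableType": "Fact",
               "ProhibitedRoles": ["NoFinance"]}},
    # Constructed entries: a misspelled role and a table with no role keys.
    {"Table": {"Name": "Salary", "TableType": "Fact",
               "ProhibitedRoles": ["NoFinanse"]}},
    {"Table": {"Name": "Calendar", "TableType": "Dimension"}},
]


def review_roles(roles, tables):
    """Return (access, findings) for table-level role settings.

    access[(table, role)] is "permitted", "prohibited" or "conflict".
    findings is a list of readable problems to fix before deployment.
    """
    defined = {r["Role"]["Name"] for r in roles}
    access, findings = {}, []
    for entry in tables:
        table = entry["Table"]
        name = table["Name"]
        prohibited = set(table.get("ProhibitedRoles", []))
        permitted = set(table.get("PermittedRoles", []))
        # A name that matches no defined role cannot be evaluated: report it.
        for unknown in sorted((prohibited | permitted) - defined):
            findings.append(f"{name}: role '{unknown}' is not defined in roles.yaml")
        for role in sorted(defined):
            if role in prohibited and role in permitted:
                access[(name, role)] = "conflict"
                findings.append(f"{name}: role '{role}' is both prohibited and permitted")
            elif role in prohibited:
                access[(name, role)] = "prohibited"
            else:
                # Page default: every role has access unless prohibited.
                access[(name, role)] = "permitted"
    return access, findings


if __name__ == "__main__":
    access, findings = review_roles(ROLES, TABLES)
    for (table, role), state in sorted(access.items()):
        print(f"{table:10} {role:12} {state}")
    for finding in findings:
        print("FINDING:", finding)
```

In the sample data, the misspelled NoFinanse on the Salary table leaves NoFinance reported as permitted there, which is the case this review is meant to surface.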