DP-600 Question #84: Real Exam Question with Answer & Explanation

Question

You have a semantic model named Model1. Model1 contains five tables that all use Import mode. Model1 contains a dynamic row-level security (RLS) role named HR. The HR role filters employee data so that HR managers only see the data of the department to which they are assigned. You publish Model1 to a Fabric tenant and configure RLS role membership. You share the model and related reports to users. An HR manager reports that the data they see in a report is incomplete. What should you do to validate the data seen by the HR Manager?

Options

• ASelect Test as role to view the data as the HR role.
• BFilter the data in the report to match the intended logic of the filter for the HR department.
• CSelect Test as role to view the report as the HR manager.
• DAsk the HR manager to open the report in Microsoft Power BI Desktop.

Explanation

To validate dynamic row-level security (RLS) for a specific user, test the report by viewing it as that user to accurately apply their security context.

Common mistakes.

• A. Testing as the 'HR role' without specifying the individual HR manager would not fully validate dynamic RLS, which depends on the user's identity.
• B. Manually filtering the report would not test the RLS implementation itself and might not accurately reflect the dynamic security logic for the HR manager.
• D. Asking the HR manager to open the report in Power BI Desktop is not a method for an administrator to validate RLS in the service or for a user to troubleshoot service-level RLS issues.

Concept tested. Validating dynamic Row-Level Security (RLS) for specific users

Reference. https://learn.microsoft.com/en-us/power-bi/create-reports/service-admin-rls#validate-the-role-within-the-power-bi-service

No community discussion yet for this question.