I have tables called
Groups that has AD_Group, Login_ID,
Security that has AD_Group, Territory
Fact that has SalesValue, SalesCost, SalesProfit, Territory
Manage Roles - Anyone in the general access role we filter by Login_ID = USERPRINCIPALNAME()
So if you are in the group that can see data for UK this then only show you data for the uk.
So thats row level security done and works ok
Now we also have a gorup that cant see SalesCost and SalesProfit
if you are in that group there is a Measure [SensitiveData] that is 1 if you can see it or 0 if you cant.
I thought we were done ther but…
What happens if a user downloads the pbix for the data set - they will be able to see all of the inner workings
If a user does the same downloading the report linked to the data set they can publish a modified data set and repoint the report
Is this really a secure way of working?
Thanks
E