{"id":183,"date":"2025-09-16T00:00:00","date_gmt":"2025-09-16T00:00:00","guid":{"rendered":"https:\/\/blog.ivos.place\/?p=183"},"modified":"2025-09-16T06:18:47","modified_gmt":"2025-09-16T06:18:47","slug":"tmdl-case-1-3-rls-generator","status":"publish","type":"post","link":"https:\/\/blog.ivos.place\/?p=183","title":{"rendered":"TMDL demo 1\/3: RLS Generator"},"content":{"rendered":"\n

Disclaimer<\/h2>\n\n\n\n

This blog post is part of a three-part series based on my speaker session at the European Microsoft Fabric Community Conference 2025 (FabCon) in Vienna, which I had the pleasure of delivering together with my colleague Roger Unholz<\/a><\/strong>.

Our session, titled \u201cTMDL Playoffs\u201d<\/em>, was a fast-paced showdown where we shared our favorite tips and tricks for working with TMDL. In this series, I\u2019ll take a deeper dive into each topic we presented on stage and explore them in more detail.All source files referenced throughout the posts are available in my public GitHub repository.

Please note, <\/strong>that the scripts are not tested for every scenario, that they are only created for demonstration purposes and should never be applied on any running, productive enviroments. <\/strong>
Link: ivsch\/TMDLPlayoffs<\/a>.<\/p>\n\n\n\n

Idea<\/h2>\n\n\n\n

The configuration of Role Level Security (RLS) within Power BI semantic models can sometimes be straightforward, but at other times it can feel like opening Pandora\u2019s box. In most customer scenarios I encounter, the RLS setup is fairly basic. Nevertheless, managing RLS across a large number of semantic models can be a real challenge, especially when ensuring that the correct settings are applied consistently.<\/p>\n\n\n\n

To address this, I often maintain role definitions outside of the semantic model to provide a clear overview of all enabled RLS settings. That could be a Excel file as well as a small “security application”. This should then be the basic information for a simple script generator to quickly and reliably apply the defined roles to a Power BI semantic model file.<\/p>\n\n\n\n

TMDL RLS definition<\/h2>\n\n\n\n

To check existing RLS definitions in your Power BI semantic model, first enable the TMDL view in Power BI Desktop settings (currently available under Preview features<\/em>).

On the right side of your semantic model, you\u2019ll find all the objects available in the TMDL scripting language. If you drag and drop the Roles object into the script window, you\u2019ll see the definition of the roles.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Outcome<\/h2>\n\n\n\n

Even if it\u2019s not a complete solution for handling complex RLS definitions, the most common\/basic scenarios can be covered with the Jupyter Notebook apply_rls<\/code><\/strong> in the GitHub source folder.

In the very first cell, you can provide all settings for the roles you want to apply. At the moment, the script only works with string<\/strong> values; it can be extended\/adjusted to support other data types.<\/p>\n\n\n\n

<\/circle><\/circle><\/circle><\/g><\/svg><\/span>