Skip to main content

Roles and Permissions

Administrator

DataCentral uses a layered role-based access control (RBAC) system. Roles dictate what administrative actions a user can perform, which reports they can see, and what specific data within those reports is visible to them.

1. System Roles

System Roles define a user's privileges within the DataCentral administration interface.

  • Tenant Administrator: Has full control over the Tenant. Can manage users, OUs, roles, branding, authentication settings, and Power BI items.
  • User Manager: Can add, edit, and delete users, and assign them to existing OUs and Roles. Cannot modify settings or add new Power BI items.
  • Content Manager: Can add, edit, and remove Power BI reports, dashboards, and apps. Cannot manage users or tenant settings.
  • Viewer (Default): Has no administrative privileges. Can only view the reports they have been granted access to.

2. Report Roles

Report Roles control the visibility of items (Reports, Dashboards, Apps) within the DataCentral end-user interface.

  • When you import a Power BI report into DataCentral, you assign one or more Report Roles to it (e.g., Sales Reports, Executive Dashboards).
  • When you assign a user to the Sales Reports role, that report will appear in their navigation menu.
  • If a user does not have the required Report Role, the item is completely hidden from them.

3. Row-Level Security (RLS) Roles

RLS Roles map directly to the Row-Level Security roles defined in your underlying Power BI dataset. They control the data a user sees inside a report.

  • Role Codes: In DataCentral, you create an RLS Role and assign it a "Role Code" (e.g., Region_EMEA).
  • Power BI Mapping: This Role Code must exactly match the name of the RLS role defined in Power BI Desktop.
  • Enforcement: When a user with the Region_EMEA role opens the report, DataCentral passes that Role Code to Power BI. Power BI then filters the data before rendering the visual, ensuring the user only sees EMEA data.

For advanced data filtering scenarios, DataCentral also supports Dynamic RLS and Smart RLS.

Managing Roles

To create or edit a Role:

  1. Navigate to Administration > Roles.
  2. Click Add Role (or click the edit icon next to an existing role).
  3. Enter a Name and Description.
  4. Select the Role Type (System, Report, or RLS).
  5. If creating an RLS role, enter the exact Role Code defined in Power BI.
  6. Click Save.

You can then assign this role to users individually, or map it to an Organizational Unit so that all users in that OU inherit the role automatically.