Roles
The Roles feature in AnalyticsCreator is used to define security access and row-level filtering rules for users within semantic models such as Tabular or Multidimensional cubes. Roles define what data a user can see and interact with when connecting to the model.
Function
Roles assign specific users to security profiles that control access through filter expressions (DAX) and rights settings. Each role can be configured to apply to either Tabular or Multidimensional models, and can include detailed per-table filtering logic for dynamic access control.
Access
Roles are managed under the DWH > Roles section. Each role includes a name, user assignments, rights definition, cube type applicability, and DAX filters for fine-grained row-level security.
List Properties
| ID | Property | Description |
|---|---|---|
| 1 | Name | Displays the role name used in the semantic model for access control |
| 2 | Description | Provides an optional text description of the role’s purpose |
| 3 | Delete | Removes the selected role definition from the list |
| 4 | Duplicate | Creates a copy of the selected role including all DAX filters and users |
| 5 | New | Opens the Roles Edit screen to define a new role |
Edit Properties
| ID | Property | Description |
|---|---|---|
| 1 | Name | The name of the role used to define access in the semantic layer |
| 2 | Users | List of users assigned to the role |
| 3 | Description | Optional text explaining the purpose of the role |
| 4 | Tabular cube | Enables the role for a Tabular cube model |
| 5 | Multidimensional cube | Enables the role for a Multidimensional cube model |
| 6 | Rights | Predefined access level (e.g., Reader, Administrator) |
| 7 | DAX Filter Info | Provides a reference example for writing DAX filters |
| 8 | DAX Filter | DAX expression for row-level security per table |
| 9 | Disable | Disables the row-level filter for the associated table |
Screen Overview
The image below shows the List Roles interface with columns labeled for easy identification.
The image below shows the Roles Edit screen used for creating or modifying role definitions.
Behavior
- Roles are evaluated during deployment and applied to the semantic model
- Each role can restrict access to rows in tables using DAX filters
- Roles can be reused across environments and user groups
- Multiple users can be assigned to the same role
- Disabling a table’s filter ignores DAX logic for that specific table
Notes
- Roles are essential for implementing row-level security (RLS)
- DAX expressions should follow valid syntax to ensure proper filtering
- Rights settings affect the default access behavior for the role
- Roles integrate directly into the semantic model upon deployment
