This weblog collection enhances a YouTube tutorial I revealed earlier this month, the place I rapidly coated the state of affairs and implementation of shared semantic fashions in Microsoft Cloth. Nevertheless, I realised this matter calls for a extra detailed rationalization for many who want a deeper understanding of the processes and issues concerned in one of the crucial frequent enterprise-grade BI eventualities.

In organisations with robust safety and governance necessities, implementing shared semantic fashions is significant to make sure seamless and safe entry to knowledge. These organisations usually break up roles throughout numerous groups liable for productionising analytics options. Sometimes, they’ve strict Row-Stage Safety (RLS) and Object-Stage Safety (OLS) carried out of their semantic fashions. The aim is to allow two key teams throughout the organisation:

• Report Writers: They have to entry the semantic fashions securely. This implies having enough permissions to create studies whereas making certain entry is restricted to solely the related objects and knowledge.
• Finish-Customers: They want entry to reliable and related info with out coping with underlying complexities. All of the heavy lifting ought to be managed behind the scenes.

The primary weblog laid the groundwork by protecting all of the important core ideas essential for efficiently implementing this state of affairs. It additionally offered a transparent rationalization of the roles concerned within the course of.

Weblog Sequence Overview

Initially, I deliberate to cowl every thing in a single put up. Nevertheless, the scope turned out to be too massive, so I break up it into two elements to make sure readability and keep away from overwhelming readers. Right here’s what the collection consists of:

By the tip of this weblog, you’ll apply the understanding from the earlier put up to a real-world state of affairs, managing safe entry to shared semantic fashions in Microsoft Cloth, and implement the answer step-by-step.

When you favor a video format, try the tutorial on YouTube:

For individuals who get pleasure from diving into the main points, let’s get began!

Finish-to-end Implementation of Shared Semantic Fashions

Implementing shared semantic fashions in Microsoft Cloth requires a well-structured method to steadiness safety, governance, and accessibility. On this part, we construct upon the structure mentioned within the earlier put up. This structure is designed to accommodate the distinctive wants of enterprise-grade BI environments, the place roles are clearly break up between these liable for creating and managing the semantic fashions, the report writers leveraging these fashions for reporting and analytics, and the tip customers of those studies. This method ensures sturdy Row-Stage Safety (RLS) and Object-Stage Safety (OLS) mechanisms are in place whereas enabling seamless collaboration throughout the organisation.

The structure focuses on centralising governance throughout the semantic mannequin layer, with clear distinctions between growth and consumption roles. This enables report writers to hook up with the shared fashions securely with out having access to delicate knowledge past their scope. Finish-users, in flip, profit from a simplified expertise, accessing solely the related and reliable insights with no need to know the complexities behind the scenes. The previous diagram illustrates this structure and supplies a visible reference.

Configuring Cloth Admin Portal Settings

The Cloth Admin Portal serves because the central hub for managing your Microsoft Cloth tenant settings, together with these crucial to the operation of shared semantic fashions. Correct configuration is significant to make sure these fashions perform securely and effectively inside your organisation. On this specific state of affairs we have to allow the Use semantic fashions throughout workspaces within the Microsoft Cloth Admin Portal. This setting permits the performance that enables shared semantic fashions to be accessed by customers throughout completely different workspaces in your tenant.

In sensible phrases, this setting ensures that:

• Centralised Semantic Fashions: A semantic mannequin developed and deployed in a single workspace could be securely linked to studies, dashboards, and different artefacts in numerous workspaces. This promotes reuse, reduces duplication, and ensures consistency in knowledge definitions and calculations throughout the organisation.
• Safe Knowledge Sharing: By enabling this setting, you preserve governance and safety by way of the appliance of Row-Stage Safety (RLS) and Object-Stage Safety (OLS), making certain that customers accessing the shared semantic fashions solely see the information and objects they’re authorised to view.
• Improved Collaboration: Report writers and analysts in numerous groups can connect with the identical semantic mannequin with no need to duplicate knowledge or calculations, fostering a collaborative and environment friendly setting whereas sustaining strict knowledge safety.

To handle this setting, you want the Microsoft Cloth Administrator function.

Listed below are the steps to configure the settings:

1. Click on the Settings button.
2. Choose the Admin portal hyperlink.
3. Navigate to Tenant settings.
4. Seek for semantic fashions.
5. Beneath Workspace settings, increase Use semantic fashions throughout workspaces.
6. Allow the toggle.
7. Select easy methods to apply this setting (finest follow is enabling it for particular safety teams).
8. Click on Apply.

Enabling this setting is essential for shared semantic fashions to work throughout workspaces. Skipping this step would end in an unsuccessful implementation.

Grant Construct Permission on Semantic Fashions

To allow report writers to create studies on prime of a shared semantic mannequin, they should have Construct permission on the semantic mannequin. This permission permits them to hook up with the semantic mannequin, and construct studies with out exposing delicate knowledge. With out this step, report writers wouldn’t be capable to connect with the shared semantic fashions, blocking them from creating the required studies.

To configure semantic mannequin permissions you could have at the least Member function on the workspace.

The next steps clarify easy methods to grant Construct permission on a semantic mannequin:

1. Navigate to the specified workspace.
2. Hover over the specified semantic mannequin and click on the ellipsis button.
3. Click on the Handle permissions choice.

4. Click on the Add consumer button.
5. Kind in and choose the specified safety group or consumer.
6. Tick the Permit recipients to construct content material with the information related to this semantic mannequin choice and take away all different choices (except required in your state of affairs).
7. Click on the Grant entry button.

After granting the permission you could see the permission on the Direct entry tab.

To vary the permission for an current consumer or group, click on the ellipsis button in entrance of the group and alter their permission as proven within the following picture:

To this point, we have now the required setup for the report writers to entry the semantic mannequin. However they will be unable to create studies if the accessed semantic mannequin accommodates Row-Stage Safety (RLS) or Object-Stage Safety (OLS) except we assign them to the required RLS/OLS function(s). This takes us to the subsequent part.

Position Task for RLS/OLS in Microsoft Cloth

As talked about earlier, report writers will be unable to create studies from an accessed semantic mannequin if the semantic mannequin has Row-Stage Safety (RLS) or Object-Stage Safety (OLS) utilized. The reason being that, by default, customers or safety teams not assigned to the suitable RLS/OLS roles are denied entry to the restricted knowledge or objects. This default behaviour ensures safety however prevents report writers from accessing the required knowledge to create studies. To assign customers or safety teams to the related RLS/OLS roles, we should have the Contributor function on the workspace internet hosting the semantic mannequin. The next steps define easy methods to carry out these assignments to allow entry whereas sustaining governance and safety:

1. Navigate to the specified workspace.
2. Hover over the semantic mannequin and click on the ellipsis button.
3. Choose the Safety choice.

4. Choose a desired function.
5. Enter and choose a consumer identify or a safety group.
6. Click on the Add button.
7. Click on the Save button.

To this point we have now granted all essential rights to the report writers to create studies from a shared semantic mannequin. The following step for the report writers is to save lots of the studies in a workspace. This takes us to the subsequent part.

Add Workspace Contributor Position to Report Writers

At this stage, the report writers have all the required permissions to create new studies from the shared semantic fashions. The following step is to make sure they will save these studies in a delegated workspace. For this, the report writers must be assigned at the least the Contributor function on the workspace the place the studies will probably be saved.

It is very important be aware that this workspace is separate from the one internet hosting the semantic fashions. Whereas the semantic mannequin resides in a centralised workspace for governance and safety, the studies are usually saved in workspaces devoted to particular groups, tasks, or departments. Assigning the Contributor function ensures that report writers have the required permissions to create, edit, and handle studies throughout the designated workspace, whereas sustaining compliance with safety and governance finest practices. To assign the Contributor function, you could have at the least the Member function on the workspace the place the studies will probably be saved.

Observe these steps:

1. Navigate to the specified workspace.
2. Click on the Handle entry choice.
3. Click on the Add folks or teams button.
4. Kind in and choose the identify of the consumer or safety group.
5. Choose the Contributor function from the dropdown.
6. Click on the Add button.

Word

To vary the workspace function for current folks or teams, you could have the Admin function on the workspace. Nevertheless, so as to add new folks or teams, having the Member function is enough.

Required Entry for the Finish-Customers

At this level, every thing is ready for the report writers to create and save studies securely utilizing the semantic fashions with out compromising safety and governance. The ultimate step is to grant the required entry to the end-users to allow them to view the studies.

Relying on the content material supply technique accepted in your organisation, end-users might have the Viewer function on the workspace the place the studies are saved in case you intend to offer them direct entry to the workspace. For eventualities involving sharing particular person studies or utilizing Organisational Apps, the required permissions and settings might differ. To maintain this state of affairs easy, I’ll assume you’re snug granting the end-users a Viewer function on the reporting workspace. Because the steps to assign this function are practically an identical to these defined within the earlier part, I received’t repeat them right here.

Lastly, make sure the end-users are assigned to the suitable RLS/OLS roles on the semantic mannequin. With out this, they are going to solely see clean studies. The method for assigning these roles is detailed within the Position Task for RLS/OLS in Microsoft Cloth part of this weblog, so it isn’t repeated right here.

Conclusion

Implementing shared semantic fashions in Microsoft Cloth requires cautious planning and exact configuration to make sure safety, governance, and accessibility throughout the organisation. On this two-part weblog collection, we explored the foundational ideas and end-to-end implementation steps for one of the crucial frequent enterprise-grade BI eventualities. The earlier weblog centered on the core ideas, together with workspace administration, consumer roles, and the significance of shared semantic fashions. On this put up, we constructed on that basis by strolling by way of the detailed implementation course of, from configuring the Cloth Admin Portal to granting permissions and making certain the precise roles are assigned to report writers and end-users.

This collection goes past the corresponding tutorial video on YouTube, providing extra in-depth explanations and sensible steerage for many who need to absolutely perceive easy methods to handle shared semantic fashions successfully in a safe and ruled setting.

As that is my final weblog of 2024, I need to take a second to want you all a really completely satisfied New Yr and a robust, profitable begin to 2025. Thanks for studying and being a part of this journey!

Observe me on LinkedIn, YouTube, Bluesky and X (previously Twitter).