Business Intelligence, Business Intelligence Platform, Data Education & Training, PL-300, Power BI

Practice Questions: Configure Access to Semantic Models (PL-300 Exam Prep)

 
This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Secure and govern Power BI items
      --> Configure access to semantic models

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

Practice Questions

Question 1

A user can view reports in a workspace but cannot create a new report using the existing semantic model. What is the most likely reason?

A. The user does not have Read permission on the semantic model
B. The user does not have Build permission on the semantic model
C. The user is not assigned a Row-Level Security role
D. The semantic model is not endorsed

Correct Answer: B

Explanation:
Creating new reports from a semantic model requires Build permission. A user can still view reports without Build permission, which makes this a common exam scenario.

Question 2

Which workspace role allows a user to edit semantic models and manage permissions?

A. Viewer
B. Contributor
C. Member
D. App user

Correct Answer: C

Explanation:
Members can publish, update, and manage semantic models, including assigning permissions. Contributors can edit content but cannot manage access.

Question 3

You want business users to create their own reports while preventing them from modifying the semantic model. What is the best approach?

A. Assign users the Viewer role and grant Build permission on the semantic model
B. Assign users the Contributor role
C. Assign users the Admin role
D. Publish the reports through a Power BI App only

Correct Answer: A

Explanation:
Granting Viewer role + Build permission enables self-service report creation without allowing model changes—this is a best practice and frequently tested.

Question 4

Where is Row-Level Security (RLS) enforced?

A. At the report level
B. At the dashboard level
C. At the semantic model level
D. At the workspace level

Correct Answer: C

Explanation:
RLS is defined in Power BI Desktop and enforced at the semantic model level, applying to all reports that use the model.

Question 5

Which DAX function is commonly used to implement dynamic Row-Level Security?

A. SELECTEDVALUE()
B. USERELATIONSHIP()
C. USERPRINCIPALNAME()
D. LOOKUPVALUE()

Correct Answer: C

Explanation:
USERPRINCIPALNAME() returns the logged-in user’s email or UPN and is commonly used in dynamic RLS filters.

Question 6

A user with Viewer access can see a report but receives an error when using Analyze in Excel. What is the most likely issue?

A. The user is not licensed for Power BI
B. The semantic model is not certified
C. The user does not have Build permission
D. RLS is incorrectly configured

Correct Answer: C

Explanation:
Analyze in Excel requires Build permission on the semantic model. Viewer role alone is insufficient.

Question 7

Which permission allows a user to share a semantic model with others?

A. Read
B. Build
C. Reshare
D. Admin

Correct Answer: C

Explanation:
The Reshare permission explicitly allows users to share the semantic model with other users or groups.

Question 8

What is the primary purpose of certifying a semantic model?

A. To apply Row-Level Security automatically
B. To improve query performance
C. To indicate the model is an approved and trusted data source
D. To allow external tool access

Correct Answer: C

Explanation:
Certification signals that a semantic model is officially approved and governed, helping users identify trusted data sources.

Question 9

Which approach is recommended for managing access to semantic models at scale?

A. Assign permissions to individual users
B. Use Microsoft Entra ID (Azure AD) security groups
C. Share semantic models directly from Power BI Desktop
D. Grant Admin role to all analysts

Correct Answer: B

Explanation:
Using security groups simplifies access management, supports scalability, and aligns with governance best practices.

Question 10

A report is published using a semantic model that has RLS enabled. A user accesses the report through a Power BI App. What happens?

A. RLS is ignored when using apps
B. RLS must be reconfigured for the app
C. RLS is enforced automatically
D. Only static RLS is applied

Correct Answer: C

Explanation:
Row-Level Security is always enforced at the semantic model level, regardless of whether content is accessed via a workspace, report, or app.

Final Exam Tips

  • Build permission is the most frequently tested concept
  • Viewer + Build is a common least-privilege design pattern
  • RLS always applies at the semantic model level
  • Certification is about trust and governance, not security
  • Apps do not bypass semantic model security

Go back to the PL-300 Exam Prep Hub main page

Leave a comment