This post is a part of the PL-300: Microsoft Power BI Data Analyst Exam Prep Hub; and this topic falls under these sections:
Manage and secure Power BI (15–20%)
   --> Secure and govern Power BI items
      --> Configure item-level access

Below are 10 practice questions (with answers and explanations) for this topic of the exam.
There are also 2 practice tests for the PL-300 exam with 60 questions each (with answers) available on the hub.

---

Practice Questions

---

Question 1

You want business users to create their own reports using an existing semantic model, but you do not want them to edit the model. What should you grant them?

A. Workspace Viewer role
B. Workspace Contributor role
C. Build permission on the semantic model
D. Read permission on the report

✅ Correct Answer: C

Explanation:
The Build permission allows users to create new reports using a semantic model without modifying it. Viewer access alone does not allow report creation, and Contributor access is broader than required.

---

Question 2

A user can view a dashboard but sees broken tiles that fail to load data. What is the most likely cause?

A. The dataset refresh failed
B. The user lacks Build permission
C. The user does not have access to the underlying report
D. The dashboard was shared incorrectly

✅ Correct Answer: C

Explanation:
Dashboard tiles link back to underlying reports. If the user does not have access to those reports, the tiles will not display correctly—even if the dashboard itself is shared.

---

Question 3

Which permission allows a user to create a new report in Power BI Desktop using a published semantic model?

A. Read
B. Viewer
C. Contributor
D. Build

✅ Correct Answer: D

Explanation:
Only the Build permission enables users to create new reports from an existing semantic model, including using Power BI Desktop or Analyze in Excel.

---

Question 4

You need to limit who can see specific reports within a Power BI app without creating multiple apps. What should you use?

A. Row-level security (RLS)
B. Workspace roles
C. App audiences
D. Dataset permissions

✅ Correct Answer: C

Explanation:
App audiences provide item-level visibility within an app, allowing different user groups to see different reports or dashboards.

---

Question 5

Which statement best describes item-level access?

A. It controls what data rows users can see
B. It controls access to entire workspaces
C. It controls access to individual Power BI items
D. It replaces workspace roles

✅ Correct Answer: C

Explanation:
Item-level access applies to individual items such as reports, dashboards, and datasets. It does not control row-level data access and does not replace workspace roles.

---

Question 6

A user has access to a report but cannot export data from it. What is the most likely explanation?

A. The dataset is using DirectQuery
B. The report is in a Premium workspace
C. Export permissions are restricted at the report or tenant level
D. The user lacks RLS permissions

✅ Correct Answer: C

Explanation:
Export behavior is governed by item-level settings and tenant-level policies, not RLS or workspace type alone.

---

Question 7

When sharing a report, which permission must be explicitly granted if the user needs to reshare it with others?

A. Build
B. Viewer
C. Contributor
D. Reshare

✅ Correct Answer: D

Explanation:
The Reshare permission must be explicitly enabled when sharing an item. Without it, users can view the report but cannot share it further.

---

Question 8

Which scenario requires item-level access instead of workspace roles?

A. Granting full control of all assets
B. Managing dataset refresh schedules
C. Allowing users to view only specific reports in a workspace
D. Enabling paginated report creation

✅ Correct Answer: C

Explanation:
Item-level access allows fine-grained control over individual assets, making it ideal when users should only see specific reports.

---

Question 9

How does item-level access differ from row-level security (RLS)?

A. Item-level access controls data rows
B. RLS controls report visibility
C. Item-level access controls content access; RLS controls data visibility
D. They serve the same purpose

✅ Correct Answer: C

Explanation:
Item-level access determines whether a user can open or interact with content, while RLS limits the data shown within that content.

---

Question 10

What is the recommended best practice when assigning item-level access at scale?

A. Assign permissions to individual users
B. Use workspace roles only
C. Use Azure AD security groups
D. Share reports anonymously

✅ Correct Answer: C

Explanation:
Using Azure AD security groups improves scalability, simplifies maintenance, and aligns with enterprise governance best practices.

---

Exam Readiness Tip

If you can confidently answer questions about:

• Build vs Read vs Reshare
• Dashboards vs reports vs datasets
• Item-level access vs workspace roles vs RLS

…you are in excellent shape for PL-300 questions in this domain.

---

Go back to the PL-300 Exam Prep Hub main page