Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more.
Get startedGrow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.
We currently grant access to a variety of workspaces using AAD groups of the type 'Microsoft 365' and that works as intended. However, when attempting to apply RLS using said group, the AD entry is not found and we receive the following error: 'One or more email addresses could not be validated: {email}'.
Workspace access is granted to a large group of users but we have one report that a subset of those users should have access to. The idea is to use RLS to restrict users access to the underlying dataset to accomplish this. Is there a limitation on what type of AD groups can be used for provisioning RLS? Additionally, are there any alternatives for breaking the inherited workspace access for a particular report?
Thanks in advance!
Solved! Go to Solution.
Hi @kwendel
If you want to apply RLS to groups , you should be aware of its limitations . It does not support all group types .
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls#add-members
Best Regards,
Community Support Team _ Ailsa Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @kwendel
If you want to apply RLS to groups , you should be aware of its limitations . It does not support all group types .
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls#add-members
Best Regards,
Community Support Team _ Ailsa Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @kwendel
As far as I know for RLS you need to use AAD Security Groups for this to work.
The same AAD Security Group can then be used for any other access in Power BI.