Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
We currently grant access to a variety of workspaces using AAD groups of the type 'Microsoft 365' and that works as intended. However, when attempting to apply RLS using said group, the AD entry is not found and we receive the following error: 'One or more email addresses could not be validated: {email}'.
Workspace access is granted to a large group of users but we have one report that a subset of those users should have access to. The idea is to use RLS to restrict users access to the underlying dataset to accomplish this. Is there a limitation on what type of AD groups can be used for provisioning RLS? Additionally, are there any alternatives for breaking the inherited workspace access for a particular report?
Thanks in advance!
Solved! Go to Solution.
Hi @kwendel
If you want to apply RLS to groups , you should be aware of its limitations . It does not support all group types .
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls#add-members
Best Regards,
Community Support Team _ Ailsa Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @kwendel
If you want to apply RLS to groups , you should be aware of its limitations . It does not support all group types .
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls#add-members
Best Regards,
Community Support Team _ Ailsa Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @kwendel
As far as I know for RLS you need to use AAD Security Groups for this to work.
The same AAD Security Group can then be used for any other access in Power BI.