We currently grant access to a variety of workspaces using AAD groups of the type 'Microsoft 365' and that works as intended. However, when attempting to apply RLS using said group, the AD entry is not found and we receive the following error: 'One or more email addresses could not be validated: {email}'.
Workspace access is granted to a large group of users but we have one report that a subset of those users should have access to. The idea is to use RLS to restrict users access to the underlying dataset to accomplish this. Is there a limitation on what type of AD groups can be used for provisioning RLS? Additionally, are there any alternatives for breaking the inherited workspace access for a particular report?
Thanks in advance!
Hi @kwendel
If you want to apply RLS to groups , you should be aware of its limitations . It does not support all group types .
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls#add-members
Best Regards,
Community Support Team _ Ailsa Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @kwendel
If you want to apply RLS to groups , you should be aware of its limitations . It does not support all group types .
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls#add-members
Best Regards,
Community Support Team _ Ailsa Tao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Helpful resources
Power BI Monthly Update - April 2024
Check out the April 2024 Power BI update to learn about new features.
Fabric Community Update - April 2024
Find out what's new and trending in the Fabric Community.
