Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Create a Role to Ignore Role Level Security?

‎12-13-2016 01:25 PM

 

Okay. So I have a basic role set up and it's working fine. I have a two tables that are joined together and have checked the "Apply security filter in both directions" box. So when a user logs in, the system "sees" their department (from Table A) and filters out any / all other departments from Table B. They only see what they should.

 

The question is, can I make a second role that "ignores" this rule for a specific individual? I want it so that anyone from "Dept Z" can see information from all departments, rather than those from only "Dept Z". 


This is also setup in a group, so that each person of the group only has "view" access and I can't change it so that they're admin. 

 

Any help / thoughts / guidance would be appreciated.

 

Thanks,

Jonathan 

Message 1 of 3
854 Views
0
1 ACCEPTED SOLUTION
v-qiuyu-msft
Community Support
Community Support

‎12-14-2016 09:50 PM

Hi @Anonymous,

 

If I understand it correctly, you already created a RLS role for users to access data belong to their department. And you want to set one of the department (eg: "Dept Z") can view all department data, right?

 

When you add the members under the role in dataset security, please do not add the users from "Dept Z". You can create a security group which includes all departments except "Dept Z", then add this group under the role. See: Working with members.

 

Best Regards,
Qiuyun Yu

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 2 of 3
1,159 Views
0
2 REPLIES 2
v-qiuyu-msft
Community Support
Community Support

‎12-14-2016 09:50 PM

Hi @Anonymous,

 

If I understand it correctly, you already created a RLS role for users to access data belong to their department. And you want to set one of the department (eg: "Dept Z") can view all department data, right?

 

When you add the members under the role in dataset security, please do not add the users from "Dept Z". You can create a security group which includes all departments except "Dept Z", then add this group under the role. See: Working with members.

 

Best Regards,
Qiuyun Yu

Community Support Team _ Qiuyun Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 3
1,160 Views
0
Anonymous
Not applicable
In response to v-qiuyu-msft

‎12-15-2016 05:20 AM

@v-qiuyu-msft,

Thanks. That helped. I didn't realize that each user in the group had to be assigned some kind of role in order to see any data. I had (incorrectly) assumed they would see data without being tied to a specific role, just by being a member of the group itself. 

 

Thanks again.

Jonathan 

Message 3 of 3
826 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All