Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
I guess I already know the answer, but it doesn’t hurt asking
I have a dataset where I'm currently not using RLS. Now I got one new table in the dataset containing information that shall only bee seen by a restricted group of users. This new table can either be seen as a new table, or as a column in already existing table, think of this as e.g. a private phone number
When I first implemented RLS by adding a role (SecureTableAccess), and published it to the Power BI Service, the complete report becomes blank/restricted, not for me, but for all other users. Please not that I just added the role, and not even added any filter conditions to any table
Ok... To make sure the group of users that shall see the restricted information can see the information, I need to add those users to the role in the Power BI Service using the Security settings on the dataset in the Power BI Service. Doing so, the privileged users now can see the report. But the other users still can't see the report.
To finalize securing the restricted table, I now created a RLS filter on the restricted table and republished the report. The privileged users now still can see the report, but the other users still can't.
How do I make sure other users can see what they did see before?
What I did was to add a "BasicUser" role to the dataset and added all other users to that role.
As this report is shared as a Power BI App to an already restricted group of users, it feels kind of odd to add all these users a second time, just to restrict part of the data to a smaller group of users, but I also understand that there might be reasons for this as well
Finally my question. Was what I did correct. Do I always need to add a basic user role and add all users to that role as soon as I add any role to the dataset, or is there any other pattern that can be used
Also, Viewing the dataset using the Power BI Desktop and using "View as Role", if I there choose "None", I still will see everything. My expectation was that choosing "None", I would see the same as users not assigned to any role in the Power BI Service. But that was not the case, and this missleaded me. The consequence of this was that the report was not visable for some time for "regular" users. Also, Using the Power BI Desktop "View as Role" feature and giving an arbitrary username like foo@bar.com still shows the unrestricted data, something that is not the case when the user foo@bar.com tries to access the report in the Power BI Service. All this might be a missunderstanding from my side of how roles is intended to work, or a glitch in how Microsoft wants to implement the RLS testing features
Solved! Go to Solution.
Hi pade,
"Finally my question. Was what I did correct. Do I always need to add a basic user role and add all users to that role as soon as I add any role to the dataset, or is there any other pattern that can be used"
<--- Yes, you need to assigned members' account to the role so that the members can view contents included by the role, in addtion, if your group has large amount of such member account, I would recommend you to set row level security instead of manually assign members to roles.
Regards,
Jimmy Tao
Hi pade,
"Finally my question. Was what I did correct. Do I always need to add a basic user role and add all users to that role as soon as I add any role to the dataset, or is there any other pattern that can be used"
<--- Yes, you need to assigned members' account to the role so that the members can view contents included by the role, in addtion, if your group has large amount of such member account, I would recommend you to set row level security instead of manually assign members to roles.
Regards,
Jimmy Tao
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
107 | |
94 | |
77 | |
63 | |
50 |
User | Count |
---|---|
147 | |
106 | |
104 | |
87 | |
61 |