Anonymous
Not applicable

Reversed RLS security

Hi everyone, 

 

I am just thinking whether it's possible to have reversed Row Level Security access. Meaning that users in the group have all the access yet people outside of the group have limited access to some datasets. 

 

If that's not the case, I will present my problem here and hope someone will come up with a solution. I basically have some confidential data that can be only seen by 7 people in the workspace, whereas there are 150 people who can't have access to data (and more people are added on a daily basis). I can't create other workspace or anything along the lines, do you have an idea how to create this kind of view? In other words, just to limit the confidential dataset to these 7 people while everyone else can't see the dataset?  

2 ACCEPTED SOLUTIONS
v-janeyg-msft
Community Support
Community Support

Hi, @Anonymous 

 

Your description is a bit confusing. You mentioned workspace, dataset, and data. So do you want to target the user's permissions to the workspace and dataset or the data in the report?

Workspace: You can set user permissions to workspace, there are four types: admin, member, contributor, viewer.

Only the viewer can't edit the report and has read-only permission.

Reference: Organize work in the new workspaces in Power BI - Power BI | Microsoft Docs

Dataset: You can set user permissions to dataset, there are three types: build, reshare, read.

If you remove build permission, they can still see the report built on the shared dataset, but they can no longer edit it.

Reference: Build permission for shared datasets - Power BI | Microsoft Docs

The data in the report: You can distinguish the content of the data seen by users with different permissions in the report by setting RLS.

Reference: Row-level security (RLS) with Power BI - Power BI | Microsoft Docs

If you are interested in these methods, but still have questions, please feel free to ask me.

 

Best Regards

Janey Guo

 

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.


Hi, @Anonymous 

 

If there are too many people, you can assign them to distribution lists first, and then directly add groups.

Secondly, RLS is only for reports, and permissions for workspace should be set separately. RLS doesn't affect the permissions of the workspace, even in the workspace, after setting RLS, RLS will be the priority.

 

Best Regards

Janey Guo

 

If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.

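The layout this thread circles around (an unfiltered RLS role for the small group, a filtered role for everyone else, both assigned through groups) can be modeled as follows. This is an added Python model, not code from the thread or from Power BI: the role names, group names and the `confidential` flag are assumptions, and it encodes two documented Power BI behaviours, namely that membership in several RLS roles is additive and that RLS restricts only Viewer-level access, not workspace Admins, Members or Contributors.

```python
# Added illustration; every user, group and column name here is constructed.
EDIT_ROLES = {"Admin", "Member", "Contributor"}  # workspace roles RLS does not restrict

# RLS role -> row predicate. "Restricted" stands for a DAX table filter such as
# [IsConfidential] = FALSE() (assumed column); "FullAccess" has no filter.
RLS_ROLES = {
    "FullAccess": lambda row: True,
    "Restricted": lambda row: not row["confidential"],
}

# Security groups assigned to each RLS role (hypothetical group names).
ROLE_MEMBERS = {
    "FullAccess": {"grp-confidential"},   # the 7 users
    "Restricted": {"grp-report-users"},   # everyone else, managed as one group
}

def visible_rows(user, rows):
    """Rows a user sees through a report built on the RLS-protected dataset."""
    if user["workspace_role"] in EDIT_ROLES:
        return list(rows)  # RLS only applies to Viewer-level access
    roles = [r for r, groups in ROLE_MEMBERS.items() if groups & user["groups"]]
    if not roles:
        return []  # roles exist on the dataset, user is in none: no data
    # Membership in several roles is additive: any role allowing a row shows it.
    return [row for row in rows if any(RLS_ROLES[r](row) for r in roles)]

ROWS = [
    {"id": 1, "confidential": False},
    {"id": 2, "confidential": True},
    {"id": 3, "confidential": False},
]
USERS = {
    "viewer_general": {"workspace_role": "Viewer", "groups": {"grp-report-users"}},
    "viewer_trusted": {"workspace_role": "Viewer",
                       "groups": {"grp-report-users", "grp-confidential"}},
    "viewer_unmapped": {"workspace_role": "Viewer", "groups": set()},
    "contributor_general": {"workspace_role": "Contributor",
                            "groups": {"grp-report-users"}},
}

def ids(name):
    """Row ids visible to the named constructed user."""
    return [row["id"] for row in visible_rows(USERS[name], ROWS)]

if __name__ == "__main__":
    for name in USERS:
        print(f"{name:20} -> {ids(name)}")
```

The `contributor_general` case is the one to check when the restricted users share the workspace: with Contributor or a higher workspace role they read the confidential rows regardless of their RLS role.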

5 REPLIES 5

Anonymous
Not applicable

Yeah, I wasn't sure which solution might be implemented, hence I mentioned all three. 

I think RLS is the closest one to what I want to achieve yet instead of focusing on this: 

Filtering users view within the group

 

I want to achieve this: 

Filtering users outside of the group (yet still in the workspace) 

 

As I mentioned before, I have only 7 users who should be able to see the confidential data and over 150 who should have a limited view. I've already tried adding the 150 to an RLS group yet I get an error message (probably too many people in the group)


amitchandak
Super User
Super User

@Anonymous, create a role and assign object-level security. This needs an external tool - Tabular Editor.

https://powerbi.microsoft.com/en-us/blog/object-level-security-ols-now-available-for-public-preview-in-power-bi-premium/

Anonymous
Not applicable

Thanks for the response @amitchandak,

Not sure whether you got my question correctly, I meant is there a way to use RLS for unfiltering instead of filtering. Or is there any other function, add-on that can do this? 
