Re: Role Based Security stopping certain users fro...

DebbieE · ‎01-23-2019

I have a report with all the top level visualisations without any detailed data

I have drill throughs set up to detailed reports containing the underlying data

Ive looked at role based security but I cant see how you could stop certain users from drilling through to the underlying data

Does anyone have any ideas on this?

Thanks in advance

v-juanli-msft · ‎01-24-2019

Hi @DebbieE

create three tables and relationships as below

Manange rold as below, see details here

https://docs.microsoft.com/en-gb/power-bi/report-server/row-level-security-report-server

Add [details] in the table visual on page2, add [Category] from "top level" table in the Drillthrough filter field

add [category] from "top level" table in the table visual on Page1,

view as specific role, click ok, then drillthrough to page2

As tested, user "dale" can only see his own data.

Best Regards

Maggie

Community Support Team _ Maggie Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

DebbieE · ‎01-25-2019

Ive set up exactly as stated but its not worked.

Ive tried testing in service as ell as the desk top but you can see the detail of every row no matter who you log in as

v-juanli-msft · ‎01-27-2019

Hi @DebbieE

1. Make the relationship between "Toplevel" and "details" tables "single direction".

2.create RLS formula in the "User" table as my screenshot shown.

3. the "user" column in my test is the account which users use to log in the power bi instead of users' names.

for example, i user the following to sign in power bi.

ljj@organization.domainname.com

4. if you publish the pbix report to an App workplace where members have edit permission, then RLS doesn't work.

please only give view permission to your users.

Best Regards

Maggie

DebbieE · ‎01-28-2019

1. Make the relationship between "Toplevel" and "details" tables "single direction".

Ahh this was cross filter direction Both. Changed to Single

2.create RLS formula in the "User" table as my screenshot shown.

Already done

3. the "user" column in my test is the account which users use to log in the power bi instead of users' names.

for example, i user the following to sign in power bi.

ljj@organization.domainname.com

Same as ours. Understood

4. if you publish the pbix report to an App workplace where members have edit permission, then RLS doesn't work.

please only give view permission to your users.

Im the only one with Access in my App workspace. I added the other person as a contributer if thats what you mean? These havent been added into the App yet Im just testing in the workspace. Do you mean add them to the App workspace OR just add them to the actual app?

Now I am seeing different behaviour. I can see everything all the time which now makes sense because Im the owner. I didnt realise that before

My other users password now cant see anything at the top level 'The visual Contains restricted data'. So this hasnt worked because its restricting the top level. I have just checked again and my relationships are identical to your screenshot

Test 1: Add other user to App (Not app workspace)

I can see everything. Other user - The visuals contain restricted data

Test 2: Take other user out of App and Add to App workspacec as Contributor

I can see everything. Other user - The visuals contain restricted data

Test 3: Chage App workspacce to Member

I can see everything. Other user - The visuals contain restricted data

Test 4: Chage App workspacce to Admin

I can see everything. Other user - The visuals contain restricted data

I think I have figured out the issue. I have been testing in service without first adding them as members. Although now I just cant see any data for each member rather that it being restricted

I still down understand how row level security works with

1. Adding people to the app workspace (People you work with and work on the project)

2. The App (People who just view the reports)