Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
I need to give someone an access to my report - limited access: the new user only needs to see a certain set of data. RLS to the rescue. Thing is, the existing report they need to have limited access to, has not been set up to have RLS. So I set up the role, give them access, add them to the role, and they are good to go. Unfortunately, I start receiving feedback from previous existing users that they can't access the report because of the error below, which is about RLS. I was able to fix it by setting up another role without restrictions, then adding them to that role.
My question is, is this really how RLS behaves? If someone is an existing viewer to an existing report, and this report is updated to have RLS, that viewer will need to be on a role to access the report again? I was under the impression that previous users would be unaffected?
Solved! Go to Solution.
Unfortunately this is how it is... As you apply RLS then every user has to be assigned to a role.
Create a new role name it Global for example without any security filters, and assign all your previous users to it.
Thanks, @Mohammad_Refaei . That's exactly what I did. So is this how it behaves? Everytime we update a previously non-RLS report to an RLS report, we need to put all existing users to a separate role without filters? Seems super inconvenient. Shouldn't they be unaffected because they are able to access the report without restrictions in the first place?
If you work with AD groups, the additional effort isn't that much. You should try to avoid adding individual users but use groups instead
Unfortunately this is how it is... As you apply RLS then every user has to be assigned to a role.
User | Count |
---|---|
126 | |
108 | |
99 | |
65 | |
62 |
User | Count |
---|---|
136 | |
113 | |
102 | |
71 | |
60 |