Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello,
I've created a report and, in Desktop, I've created several roles relating to the different groups within the report and an "Exec" role to give Executives a view of all. I've filtered these roles using DAX and when I 'View As', I see exactly what I've intended for each role.
Next, I've gone into BI Service and added the directors to their respective group roles. I've also edited the app workspace to ensure that members can only view, not edit, BI content. I've then chosen "Test as role" and again see exactly what the role is intended to see.
Unfortunately, when I have a group director access the app they're able to see all data instead of being limited to just their group. Is there something I'm missing?
*Note - those with access to the app are not members of the workspace. I don't think they need to be, but figured I'd toss this info out there as well.
Solved! Go to Solution.
@PBIUSER3 Yes, I ended up using Dynamic RLS to fix the problem. Our PBI login matches ID's in the data, for example:
Login: UserBob123@microsoft.com
Data: UserID- UserBob123; Customer-ABEX; Order#-7524
I then used a filter in the role like: UserPrincipalName()=Concatenate(UserID,"@microsoft.com")
Hope that helps!
The Row-level security (RLS) rule with Power BI only worked in my case when in Workspace I define that users have only Viewer access.
@PBIUSER3 Yes, I ended up using Dynamic RLS to fix the problem. Our PBI login matches ID's in the data, for example:
Login: UserBob123@microsoft.com
Data: UserID- UserBob123; Customer-ABEX; Order#-7524
I then used a filter in the role like: UserPrincipalName()=Concatenate(UserID,"@microsoft.com")
Hope that helps!
Hi @jhartranft60,
According to document, it mentioned RLS not works for user who is the dataset owner or has edit permission.
Please double check his according to confirm if he has edit permission.
Row-level security (RLS) with Power BI
Regards,
Xiaoxin Sheng
He does not. He's not a member of the workspace and only accessing the report via the app.
HI @jhartranft60,
Can you confirm your table has correspond records with that user?
>>He's not a member of the workspace and only accessing the report via the app.
Did you mean external guest from external tenant and use Azure B2B feature to get access permission?
Distribute Power BI content to external guest users with Azure AD B2B
Regards,
Xiaoxin Sheng
Hello,
Yes, I've used multiple test users at this point, each put into a different role. I'm not using Dynamic RLS, so the records shouldn't have to tie them directly, just to the rules of the roles I've put them in. As mentioned previously, I've tested the roles in both Desktop and Service and they work exactly as intended. I just can't seem to figure out why they don't work for any users that I assign to those roles.
>>He's not a member of the workspace and only accessing the report via the app.
>>Did you mean external guest from external tenant and use Azure B2B feature to get access permission?
>>No, this was in response to a previous question about the test user having edit permissions. My response is that they are not a member of the App Workspace and therefore that isn't a concern. They are a member of the organization given access to the app only.
Hi @jhartranft60,
How did you assign roles? Assigned to email or office security group? If you mean security group, did this user joined in that group? Any specific permissions/rules enabled on this user?
In addition, you can also open a support ticket for better support from power bi team.
Regards,
Xiaoxin Sheng
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
109 | |
99 | |
77 | |
66 | |
54 |
User | Count |
---|---|
144 | |
104 | |
101 | |
86 | |
64 |