Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
jhartranft60
Advocate IV
Advocate IV

Row Level Security not working

‎08-23-2018 03:46 PM

Hello,

 

I've created a report and, in Desktop, I've created several roles relating to the different groups within the report and an "Exec" role to give Executives a view of all.  I've filtered these roles using DAX and when I 'View As', I see exactly what I've intended for each role.

 

Next, I've gone into BI Service and added the directors to their respective group roles.  I've also edited the app workspace to ensure that members can only view, not edit, BI content.  I've then chosen "Test as role" and again see exactly what the role is intended to see.

 

Unfortunately, when I have a group director access the app they're able to see all data instead of being limited to just their group.  Is there something I'm missing? 

 

*Note - those with access to the app are not members of the workspace.  I don't think they need to be, but figured I'd toss this info out there as well.

Labels:
Message 1 of 9
31,568 Views
1 ACCEPTED SOLUTION
jhartranft60
Advocate IV
Advocate IV
In response to PBIUSER3

‎05-24-2019 08:02 AM

@PBIUSER3  Yes, I ended up using Dynamic RLS to fix the problem.  Our PBI login matches ID's in the data, for example:

 

Login: UserBob123@microsoft.com

Data: UserID- UserBob123; Customer-ABEX; Order#-7524

 

I then used a filter in the role like: UserPrincipalName()=Concatenate(UserID,"@microsoft.com") 

 

Hope that helps!

         

View solution in original post

Message 8 of 9
30,871 Views
8 REPLIES 8
apo1979
Frequent Visitor

‎06-11-2020 12:39 PM

The Row-level security (RLS) rule with Power BI only worked in my case when in Workspace I define that users have only Viewer access.

Message 9 of 9
26,802 Views
0
PBIUSER3
New Member

‎05-01-2019 07:32 AM

Hey @jhartranft60 , did you ever find a solution to this as I am having the same issue.

 

Thank you

Message 7 of 9
30,947 Views
0
jhartranft60
Advocate IV
Advocate IV
In response to PBIUSER3

‎05-24-2019 08:02 AM

@PBIUSER3  Yes, I ended up using Dynamic RLS to fix the problem.  Our PBI login matches ID's in the data, for example:

 

Login: UserBob123@microsoft.com

Data: UserID- UserBob123; Customer-ABEX; Order#-7524

 

I then used a filter in the role like: UserPrincipalName()=Concatenate(UserID,"@microsoft.com") 

 

Hope that helps!

         

Message 8 of 9
30,872 Views
v-shex-msft
Community Support
Community Support

‎08-24-2018 01:04 AM

Hi @jhartranft60,

 

According to document, it mentioned RLS not works for user who is the dataset owner or has edit permission.
Please double check his according to confirm if he has edit permission.

Row-level security (RLS) with Power BI

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Message 2 of 9
31,553 Views
jhartranft60
Advocate IV
Advocate IV
In response to v-shex-msft

‎08-24-2018 05:25 AM

He does not.  He's not a member of the workspace and only accessing the report via the app. 

Message 3 of 9
31,550 Views
0
v-shex-msft
Community Support
Community Support
In response to jhartranft60

‎08-29-2018 05:57 PM

HI @jhartranft60,

 

Can you confirm your table has correspond records with that user?

 

>>He's not a member of the workspace and only accessing the report via the app.

Did you mean external guest from external tenant and use Azure B2B feature to get access permission?

Distribute Power BI content to external guest users with Azure AD B2B

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Message 4 of 9
31,536 Views
0
jhartranft60
Advocate IV
Advocate IV
In response to v-shex-msft

‎08-31-2018 05:55 AM

Hello,

 

Yes, I've used multiple test users at this point, each put into a different role.  I'm not using Dynamic RLS, so the records shouldn't have to tie them directly, just to the rules of the roles I've put them in.  As mentioned previously, I've tested the roles in both Desktop and Service and they work exactly as intended.  I just can't seem to figure out why they don't work for any users that I assign to those roles.

 

>>He's not a member of the workspace and only accessing the report via the app.

>>Did you mean external guest from external tenant and use Azure B2B feature to get access permission?

>>No, this was in response to a previous question about the test user having edit permissions.  My response is that they are not a member of the App Workspace and therefore that isn't a concern.  They are a member of the organization given access to the app only.

 

Message 5 of 9
31,527 Views
0
v-shex-msft
Community Support
Community Support
In response to jhartranft60

‎09-04-2018 01:46 AM

Hi @jhartranft60,

 

How did you assign roles? Assigned to email or office security group? If you mean security group, did this user joined in that group? Any specific permissions/rules enabled on this user?


In addition, you can also open a support ticket for better support from power bi team.

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Message 6 of 9
31,520 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All