We have noticed that when RLS security is applied in a report and published on service, to test it we use the Test By Role option present under Datasets > Security option.
When the report opens, it perfectly applies the security, however, when you export the data from visual, the exported data contains all the rows present in the dataset, thus completely ignoring the security mechanism.
Here is an example to repro this.
I have following sample dataset:
Now, my email address which is obfuscated has access to India Geo only.
When I go to Power BI Service, datasets > Security > Test By Role, the report loads fine showing only one entry of mine i.e for India role.
Now, when I export this data in excel, it gives me all the rows as original dataset which is totally blowing up the security part.
Please bring this into the notice of the Dev Team. This feature is very important for our customers to test security in reports before sharing sensitive data out. However, these kind of flaws really drop the confidence in them for this product.