Row-Level-Security bug when role member is a group

I have applied role-level-security in my Power BI desktop file. In Power BI Service I assign a group to that role. When a user in that group accesses the dashboard they get an error on the tiles that says 'You don't have access because row-level-security (RLS) was applied. Please contact the owner to ask for permission'. Screenshot below. 

 

If the user clicks one of the tiles and views the report the RLS works as expected. When they go back to the dashboard the RLS error is gone and the dashboard works as expected with RLS.

 

It seems the user needs to first access the report to 'initiate' the RLS for the first time before it works on the dashboard.

 

This does not happen when individuals are assigned to a role, only when a group is assigned.

 

This is a very bad user experience as any first-time user assumes there is an error with their access.

 

Has anyone else experienced this and found a workaround? With the very limited admin functions in Power BI I can't even switch roles to that user to force a first entry before the user sees the error. I think this is a bug and I'd like to know how it will be resolved.

 

Thank you,

Jo-Anne

 

Before accessing the report

RLS.png

 

After accessing the report

RLS After.JPG

 

Status: Needs Info
Comments
v-qiuyu-msft
Community Support

Hi @jo_mandy,

 

From your description, it seems that you added a security group as an RLS role member and shared a dashboard with the same security group, right?

 

Based on my test, when a member of the security group accesses a dashboard whose data has RLS applied, the dashboard tile doesn't show an error. I would suggest you test again.

 

If the issue persists, please share detailed information so we can reproduce the issue, e.g. the connected data source, whether the RLS role is based on the UserName() function, etc.

 

Best Regards,
Qiuyun Yu 

Vicky_Song
Impactful Individual
Status changed to: Needs Info
 
jo_mandy
Frequent Visitor

I have used a security group as the RLS role member, and then I have shared to individuals who are members of that group. I have not tried using the group for both the RLS role and for sharing.

 

As I mentioned in my original post, it only happens the first time the user is viewing the dashboard. After they have accessed the report the dashboard works as expected.

 

Thanks,

Jo-Anne

Anonymous
Not applicable

I'm also having this issue.

 

In my case the roles are not based on usernames. Each security group has a single simple data filter, and individual users are manually assigned to groups using the Security section of the dataset in the web service. This differs from jo_mandy's experience where assigning individuals is fine.

 

As jo_mandy has iterated, though, this is only an issue the first time someone accesses the dashboard, after which the dashboards and reports appear to work fine, but this can affect distribution success significantly when users are met with issues on their first attempt.