Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Shared datasets security logic

 
Status: New
Comments
v-qiuyu-msft
Community Support

@Anonymous wrote:

Problem: The admin of workspace 2 can remove or add people to the security of the model in workspace 2. If the admin in workspace 2 removes/adds users to the RLS, it removes/adds them to the workspace 1 model. 

Scenario for this problem: Lets say a function woth a company (workspace 2) wants to connect to the entire data model (workspace 1), but this funtion is on the RLS in workspace 1, they should not be able to remove themselfs. I agree that they can add people in the sub function on top of their own, but not remove.


Hi @Anonymous , 

 

Based on my test, if the report owner shares the report A within app workspace 1 with the user B (isn't any member in this workspace), and grant build permission on the dataset A for user B. As the user B is a member of the dataset A RLS role, connect to this dataset A in Power BI desktop will only see limited data by RLS role, and user B is not able to create any RLS role in this new report as Manage Roles feature is greyed out. 

 

So I'm a little confused with "If the admin in workspace 2 removes/adds users to the RLS, it removes/adds them to the workspace 1 model." As the new report doesn't support RLS role, how the admin of workspace 2 can mange RLS role and then affect the role member in workspace 1? 

 

Please feel free to correct me if I misunderstand your description. 

 

Best Regards,
Qiuyun Yu