06-06-2018 07:28 AM
I have defined security roles using Power BI desktop, published the report to Power BI service and created a dashboard by pinning charts from the report. Then I tried to test the roles I've defined by using the "Test as role" functionality. Everything works as expected when I'm viewing the report file, but when I navigate to the dashboard the blue banner saying "Now vieving as: *role*" disappears and I can see all the data that role is not supposed to see. Is row level security supposed to work with dashboards?
06-06-2018 09:38 AM
I think the RLS won't work when you add a report as a Dashboard Widget.
This is because the Dashboard basically holds your report as a tile. In other words, the Dashboard just shows the report as a tile but does not have any actual data contained in the dashboard unlike the report.
Also a dashboard can have multiple datasets. So in this case, it might be by design that RLS won't work in Dashboard.
06-06-2018 09:41 AM
Dashboard tiles preserve the filters at the time of pinning. So, if you pin a visual to a dashboard as a user that can see all of the data, that's what the dashboard will display. In your case, you would need to pin the visual to the dashboard WHILE you were that other user and then I believe it will work, but only for that role. You would need a separate dashboard for your other role. Pinning a "live" report tile might work, but then that is the entire report.
Did I answer your question? Mark my post as a solution!
Proud to be a Datanaut!
06-06-2018 09:42 AM
RLS is applicable to Dashboard also. However you can test with the "test as role" option for the role you have define, it does not automatically apply to the reports and datasets unless you have explicitly defined this in a DAX function that looks up on the user UPN.
You can read more on this from this chat.
Also note that the option to "test as role" as been removed from the Power BI services initial screen as it use to be before. Details here
You can however still test this option my following this steps: On the dataset that you defined a role, right on it and select the security option that bring you to the Row-Level Security page(Note. You should see the roles you have defined in Power BI desktop). Then click on the little 3 dots for more option then you would see the option to test as the role.
06-07-2018 12:17 AM
Thank you everyone for your answers. So what would you recommend I do if I want to share these charts in a dashboard using an app, but there's some sensitive information that should not be seen by certain users? As far as I'm aware you can only publish one app from a single app workspace, and the content of the app is the same for all users you grant permission to view it? So is the only solution to have two completely separate apps with only one of them containing the sensitive information?
06-21-2018 06:00 PM
I think dynamic RLS with username will suitable for your requirement, please refer to below link to know more about this:
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
For learning resources/Release notes, please visit: | |
06-21-2018 07:45 PM
I can confirm that when I am using RLS and creating a dashboard that the user will only see the data on the dashboard that is relevant to them.
This will also work in exactly the same manner if you deploy your reports and dashboards via the App experience. There be no need to create multiple apps, you can have all the users within the one App. And as they log in it will display their slice of data.
What I often do is find another user in the Organization who is allowed to view the data, and add them into the RLS to test with to ensure that it is working as expected. This also gives you some piece of mind that it is working.
"Proud to be a Datanaut!"
06-22-2018 09:28 AM
I think you're receiving too high level of answers here. Lets start with enabling the Row Level security.
You do this from the "Datasets" section of the workspace.
Then select the roles for your row level security and add the individuals or groups you want to be able to access the information.
That will enable the row level security for the Role for the people selected and when one of the people you have enabled views it, it will only show them the information that the Role is allowed to see.
06-22-2018 09:10 PM
Only when a user is added to a role, will they then see their related data.
"Proud to be a Datanaut!"