Hi,
We have a dataset Dataset 1 (with RLS) in a shared workspace - Workspace 1.
We have a user who has viewer access to a workspace - Workspace 2. There is a report in Workspace 2 which is built using live connection to Dataset 1. For the user to be able to access the report, we have added the user to Dataset 1 with only "Read" permission. The user is not part of Workspace 1. We have not provided Build access to this user. But, we have added the user to a role using Dataset 1 -> Security.
Interestingly, the user opened the report in Workspace 2 and clicked the option of "View Dataset". From this view, the user could click the Create Report icon and actually open the dataset in the user's "My Workspace". The user had access to all the tables in the dataset and seemed to have Build access to the dataset.
Has anyone seen this? Is there any way to find the granular access control of a user and the path by which a user has been granted particular access to a dataset?
Hi @prathyoo
It appears that the user might have additional access elsewhere.
You can try and use the Power BI Scanner to see if that gives you any additional insights. Here is a link on how to get this configured: Using the Power BI Scanner API to Manage Tenant's Entire Metadata
Hi @prathyoo
Yes, that is working as expected because the user can read all the data (table and measures) from the dataset. RLS would also be applied when the user drags and drops tables/measures.
Thanks @GilbertQ ,
I have another user who has been set up exactly as the first user, i.e. only Read permission on the dataset. This user sees the below -
This is what we want for the first user too, i.e. Read only access to the dataset without the ability to create reports. But, currently, the user sees this -
We checked the user's group membership. We have only a limited set of users belonging to two groups and the Admin/Contributor/Member of Workspace 1 who have build access to the Dataset 1. Everyone else has Read permission only. There are no apps built on reports using this dataset. I have deleted all links of reports (that I have access to). Most of the links that I had created had Read, Reshare permission. But, I get to see only links and apps from reports in workspaces that I have access to. Since there are two groups of users with build permissions, I am not sure if they have built reports on the dataset, stored it in a workspace that I cannot access and provided links to others with Build access. That is why I needed some API call or interface to check the reason for a user receiving "effective" build permission even though the user was only assigned Read permission by me.
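Added example (not part of the thread, and not Microsoft's code): one way to answer the "by which path" question from a Scanner API scan result requested with artifact users included. It lists every workspace-role or dataset-permission grant that gives a user Build on a dataset, either directly or through a group. The sample scan is constructed, the field names follow the scan result shape as assumed here, and the user's group ids are assumed to be resolved separately.

```python
import json

# Constructed sample shaped like a Scanner API scan result (artifact users
# included). All ids and addresses are made up; field names are assumptions.
SCAN = json.loads("""
{"workspaces": [{
  "id": "ws-1", "name": "Workspace 1",
  "users": [
    {"identifier": "owner@example.com", "principalType": "User", "groupUserAccessRight": "Admin"},
    {"identifier": "grp-analysts", "principalType": "Group", "groupUserAccessRight": "Contributor"}],
  "datasets": [{
    "id": "ds-1", "name": "Dataset 1",
    "users": [
      {"identifier": "viewer@example.com", "principalType": "User", "datasetUserAccessRight": "Read"},
      {"identifier": "grp-builders", "principalType": "Group", "datasetUserAccessRight": "ReadExplore"}]}]}]}
""")

# Workspace roles that carry Build on every dataset in the workspace.
WORKSPACE_ROLES_WITH_BUILD = {"Admin", "Member", "Contributor"}

def build_paths(scan, dataset_name, upn, group_ids=()):
    """Return every grant that gives `upn` Build on the named dataset.

    group_ids: ids of groups the user belongs to (hypothetical input, resolved
    from the directory beforehand); the scan lists groups, not their members.
    """
    principals = {upn.lower()} | {g.lower() for g in group_ids}
    paths = []
    for ws in scan.get("workspaces", []):
        for ds in ws.get("datasets", []):
            if ds.get("name") != dataset_name:
                continue
            # Path 1: a workspace role held by the user or one of their groups.
            for u in ws.get("users", []):
                if (u.get("identifier", "").lower() in principals
                        and u.get("groupUserAccessRight") in WORKSPACE_ROLES_WITH_BUILD):
                    paths.append(("workspace role", u["identifier"], u["groupUserAccessRight"]))
            # Path 2: a dataset permission; "Explore" in the right means Build.
            for u in ds.get("users", []):
                if (u.get("identifier", "").lower() in principals
                        and "Explore" in u.get("datasetUserAccessRight", "")):
                    paths.append(("dataset permission", u["identifier"], u["datasetUserAccessRight"]))
    return paths

if __name__ == "__main__":
    print(build_paths(SCAN, "Dataset 1", "viewer@example.com"))
    print(build_paths(SCAN, "Dataset 1", "viewer@example.com", ["grp-builders"]))
```

An empty result for the direct grant combined with a non-empty result once group ids are supplied points to group membership as the source of the effective Build permission.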