New RLS in Fabric Portal does not work

hefirius · ‎04-30-2024

In the recent months, we see that the "Manage Roles" button have been released online at power bi service.

i tried to use the Manage Roles button to create new RLS for my new DirectLake dashboards and it does not seem to work.

I did a very simple Role to check the email field in one of my datasets to be equals to USERPRINCIPLENAME().

Thereafter, I added the user in Semantic Model's Security and also did a share to the user.

However, the user is still unable to view the data in APPS.

johnbasha33 · ‎04-30-2024

It sounds like there might be a configuration issue with your Row-Level Security (RLS) setup in Power BI Service. Let's troubleshoot the problem step by step:

1. **Role Definition**: Make sure that the role you created correctly checks the email field against USERPRINCIPLENAME(). Ensure that the DAX expression used for the role accurately filters the data based on the logged-in user's email.

2. **User Assignment**: Verify that you've assigned the user to the correct role in the Semantic Model's Security settings. Double-check the email address of the user and ensure it matches the values in your dataset.

3. **Dataset Refresh**: After making changes to roles or user assignments, ensure that you refresh the dataset in Power BI Service. Sometimes, changes might not take effect immediately, and a dataset refresh is required to apply the new security settings.

4. **Share Dashboard**: Ensure that you've shared the dashboard or report with the user. Even if the user has access to the dataset through RLS, they won't be able to view the data in the app if the dashboard or report hasn't been shared with them.

5. **User Permissions**: Check if the user has appropriate permissions to access the app. Verify that they have been added to the app's access list with the necessary permissions to view the content.

6. **Test with Another User**: If possible, try testing the RLS setup with another user to see if the issue persists. This can help determine if the problem is specific to the user or if it's a broader issue with the RLS configuration.

If after following these steps the issue still persists, it might be helpful to review any error messages or logs generated during the user's attempt to access the data. Additionally, consider reaching out to Power BI support for further assistance, as they can provide specific guidance based on your account and configuration details.

Did I answer your question? Mark my post as a solution! Appreciate your Kudos !!

hefirius · ‎05-01-2024

Hi John,

Thank you for the response to my question.

1. I have double checked this to ensure that the userprinciplename is the same. I am using the same method as the dynamic RLS that I've created previously, for Import mode.

2. This is double and triple checked too.

3. Just want to check, as i am implementing RLS for DirectLake, is this refresh on semantic model neccesary?

4. I have shared with the user, and provision Read rights to user

5. The audience is App list also contains them. They can see the app, its just the dataset that they cannot see.

6. Tried with a couple of users but same result.

I am thinking if the RLS in DirectLake works differently from our standard import/directquery RLS. There is a lack of this documentation.

Thanks!

New RLS in Fabric Portal does not work

Helpful resources

New forum boards available in Real-Time Intelligence.

Fabric certifications survey

Jumpstart your career with the Fabric Career Hub

New RLS in Fabric Portal does not work

Helpful resources

New forum boards available in Real-Time Intelligence.

Fabric certifications survey