Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Permission on Shared Datasets

‎03-11-2020 07:37 AM

Need some explanation regarding the issue we are facing around the shared datasets and the permissions on the model side. I have a premium capacity and we are letting users use this to build reports in their own workspaces. They are admins in their own workspaces and only have read and build permissions on the shared datasets. They do not reside in the workspace itself where the model is (premium capacity).

 

We have RLS applied to our model and AD groups to manage all these users.

 

When the users create their reports and share them with other business users, the users are added to the permissions. Users that are in an AD group (that have build and read permissions) are added individually again.

 

This does not seem correct in the way of working, can someone please help with this?

 

Labels:
Message 1 of 4
361 Views
0
3 REPLIES 3
Greg_Deckler
Super User
Super User

‎03-11-2020 07:48 AM

Seems like a process issue. Seems like you should have the AD Groups that make up your RLS also added to the Report permissions for sharing purposes. Then you would just add the user to the correct AD Group and it would be shared with them and they would be in the rigth role for RLS.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 2 of 4
353 Views
0
Anonymous
Not applicable
In response to Greg_Deckler

‎03-11-2020 07:59 AM

Hi @Greg_Deckler ,

 

Yes the AD group is added to the permissions in the data model. If the user does/not belong to a AD group, they are added individually, regardless. That is my issue. If they are in an AD group, they should not be added individually to the permissions. 

They are added in both the RLS AD group, and the AD group that has access through the app.

 

Kind Regards

Message 3 of 4
344 Views
0
Greg_Deckler
Super User
Super User
In response to Anonymous

‎03-11-2020 08:32 AM

Right, so you need to teach your users to stop sharing with people individually. Probably need to take away their permissions to do so. Otherwise this is a training and governance thing. To the best of my knowledge the Power BI Service does not enumerate all of the users in AD Groups and then decide whether or not to add a user individually. If a user shared a report individually, it is going to add them regardless of whether or not they are in an AD Group. Just how it works.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 4 of 4
341 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All