Anonymous
Not applicable

Permission on Shared Datasets

Need some explanation regarding the issue we are facing around the shared datasets and the permissions on the model side. I have a premium capacity and we are letting users use this to build reports in their own workspaces. They are admins in their own workspaces and only have read and build permissions on the shared datasets. They do not reside in the workspace itself where the model is (premium capacity).

 

We have RLS applied to our model and AD groups to manage all these users.

 

When the users create their reports and share them with other business users, the users are added to the permissions. Users that are in an AD group (that have build and read permissions) are added individually again.

 

This does not seem correct in the way of working, can someone please help with this?

 

3 REPLIES
Greg_Deckler
Super User

Seems like a process issue. Seems like you should have the AD Groups that make up your RLS also added to the Report permissions for sharing purposes. Then you would just add the user to the correct AD Group and it would be shared with them and they would be in the right role for RLS.


@ me in replies or I'll lose your thread!!!
Check out my External Tool for Power BI Desktop! Microsoft Hates Greg's Quick Measures
YouTube Channel! Microsoft Hates Greg
Check out my latest book!

Anonymous
Not applicable

Hi @Greg_Deckler ,

 

Yes, the AD group is added to the permissions in the data model. If the user does/not belong to an AD group, they are added individually, regardless. That is my issue. If they are in an AD group, they should not be added individually to the permissions.

They are added in both the RLS AD group, and the AD group that has access through the app.

 

Kind Regards

Right, so you need to teach your users to stop sharing with people individually. Probably need to take away their permissions to do so. Otherwise this is a training and governance thing. To the best of my knowledge the Power BI Service does not enumerate all of the users in AD Groups and then decide whether or not to add a user individually. If a user shared a report individually, it is going to add them regardless of whether or not they are in an AD Group. Just how it works.


@ me in replies or I'll lose your thread!!!
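The cleanup this thread points to, as an added example that is not part of any poster's reply: a Python audit over a constructed permission list that separates individual grants already covered by an AD group grant from those that add rights or have no group behind them. The data shapes, group names and addresses are assumptions made for illustration, not a Power BI API schema.

```python
# Constructed sample data; field names are assumptions, not a Power BI API schema.
GROUP_MEMBERS = {
    "grp-sales-rls": {"alice@example.com", "grp-sales-emea"},  # nested group
    "grp-sales-emea": {"bob@example.com", "grp-sales-rls"},    # cycle on purpose
    "grp-report-builders": {"carol@example.com"},
}

DATASET_PERMISSIONS = [
    {"principal": "grp-sales-rls", "type": "Group", "rights": {"Read"}},
    {"principal": "grp-report-builders", "type": "Group", "rights": {"Read", "Build"}},
    {"principal": "alice@example.com", "type": "User", "rights": {"Read"}},
    {"principal": "bob@example.com", "type": "User", "rights": {"Read", "Build"}},
    {"principal": "carol@example.com", "type": "User", "rights": {"Read"}},
    {"principal": "dave@example.com", "type": "User", "rights": {"Read"}},
]


def expand_group(group, members, seen=None):
    """Return all users in a group, following nested groups and ignoring cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for m in members.get(group, ()):
        if m in members:          # member is itself a group
            users |= expand_group(m, members, seen)
        else:
            users.add(m)
    return users


def audit_direct_grants(permissions, members):
    """Classify each individual grant against what the user's groups already give."""
    via_group = {}  # user -> rights inherited from group grants
    for p in permissions:
        if p["type"] == "Group":
            for u in expand_group(p["principal"], members):
                via_group.setdefault(u, set()).update(p["rights"])
    findings = {}
    for p in (q for q in permissions if q["type"] == "User"):
        inherited = via_group.get(p["principal"], set())
        if not inherited:
            findings[p["principal"]] = "direct-only"    # no group grant covers this user
        elif p["rights"] - inherited:
            findings[p["principal"]] = "exceeds-group"  # direct grant adds rights
        else:
            findings[p["principal"]] = "redundant"      # group already grants the same
    return findings
```

Entries marked `redundant` can be removed without changing access; `exceeds-group` and `direct-only` entries need a decision about which group, if any, the user belongs in.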
