Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
jdusek92
Helper IV
Helper IV

RLS for group

‎01-30-2019 08:32 AM

Hello,

I have successfully set up RLS report filtering via [mail] = userprincipalname() .

It all works fine while adding individual users to:

  • My Workspace/REPORTS/Report/Share

and

  • My Workspace/DATASETS/Dataset/Security/Role/add user

 

But when I add a group the permissions are not set up correctly and the user cannot view the report/data

I checked in AD that the tested user is member of that group.

 

Is this the intened behaviour or did I miss any step here?

 

What can I do to share the report to a group while still having the RLS rule [mail] = userprincipalname() applied?

 

EDIT:

 

Scenario:

I want to create some kind of HR self service report for employees where every individual employee will see only HIS/HER data.

The data is basically just transformed output from our HR system.

I have already prepared the data set - a single table with data of all employees

There is a column with Office 365 email address that corresponds with userprincipalname()

 

Therefore the goal is not to use RLS to limit specific AD groups to access only its rows (like Group USA Office to see only USA data)

The goal is to limit every user to see only his/her data - one row of data will only be access by one user (not by the whole group)

 

sharing the report to specific users and assigning them to RLS role works fine.

I want to share to a whole AD group while still each member will only see his/her data.

 

 

Thank you

 

 

Labels:
Message 1 of 3
4,732 Views
0
1 ACCEPTED SOLUTION
jdusek92
Helper IV
Helper IV
In response to GilbertQ

‎01-31-2019 02:22 AM

@GilbertQ thank you very much for your input.

 

It was a false alert, the user I tested on has not been in the group I shared the report and dataset to.

 

View solution in original post

Message 3 of 3
4,694 Views
0
2 REPLIES 2
GilbertQ
Super User
Super User

‎01-30-2019 04:49 PM

Hi @jdusek92

 

It would appear that you want to leverage groups, and still control whom can see what.

 

In my blog post below I explain how to achieve this.

Part of the solution is that even though you can use Groups in the Power BI Service roles, you still have to have the individual people in the table. My solution shows you how to do this in an automated way.

 

https://www.fourmoo.com/2018/02/20/dynamic-row-level-security-is-easy-with-active-directory-security...





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 3
4,721 Views
0
jdusek92
Helper IV
Helper IV
In response to GilbertQ

‎01-31-2019 02:22 AM

@GilbertQ thank you very much for your input.

 

It was a false alert, the user I tested on has not been in the group I shared the report and dataset to.

 

Message 3 of 3
4,695 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Kudoed Authors
View All