Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hi all,
I have used dynamic RLS in my report which works correctly on desktop but on service, for one particular user (say abc.xyz.o@abc.com.co). While using test as role in service, for this one particular external user, RLS is completely failing and all data is visible to them. We have ensured that they do not have any role(Admin, Member, Contributor, Viewer) in the workspace where we have published this report. We have added this external user using Azure Active Directory. In other cases, RLS is working fine for users in the same domain. Can anyone please advice on this issue?
Solved! Go to Solution.
Hi @Anonymous ,
I'd like to suggest you check the user table and the username that guest user display on power bi service to confirm if they matches.
Since RLS only works on 'read' permissions users, please also double-check the user permissions on your dataset manage permissions.
Once you complete the operation, please refresh your browser page and make sure the above setting is working.
After that, you could call this rest api to refresh users’ permissions to guarantee they’re fully updated.
Users - Refresh User Permissions - REST API (Power BI Power BI REST APIs) | Microsoft Docs
You can also refer to the following documents to understand the limitations of rls.
Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn
Row-level security (RLS) with Power BI - Power BI | Microsoft Learn
Best Regards,
Neeko Tang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @Anonymous ,
I'd like to suggest you check the user table and the username that guest user display on power bi service to confirm if they matches.
Since RLS only works on 'read' permissions users, please also double-check the user permissions on your dataset manage permissions.
Once you complete the operation, please refresh your browser page and make sure the above setting is working.
After that, you could call this rest api to refresh users’ permissions to guarantee they’re fully updated.
Users - Refresh User Permissions - REST API (Power BI Power BI REST APIs) | Microsoft Docs
You can also refer to the following documents to understand the limitations of rls.
Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn
Row-level security (RLS) with Power BI - Power BI | Microsoft Learn
Best Regards,
Neeko Tang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
HI @Anonymous ,
Since you have used RLS in other instances and you understand how it works and you have this setup working properly for other situations I think that this might not be a setup as much as something like a typo. Since it works in the Desktop, I would first go back to the Service and then the settings and go to the Role where this user is assigned and remove the email address, then save. And then, type (don't copy/paste just in case there is an unexpected space) the email address into the Role again. Click Add and Save.
I know you state you have confirmed access in the workspace but what about the Dataset itself? I would also go back to the Dataset's permissions and confirm no Links or Direct Access is inadvertantly in there. And, I would look at the Security for the Report, Dashboard and Workbook as well to confirm nothing is there in Direct Access, Shared Views or Links.
Proud to be a Datanaut!
Private message me for consulting or training needs.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.