Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

RLS not working for one user on service

‎10-05-2022 06:17 AM

Hi all,
I have used dynamic RLS in my report which works correctly on desktop but on service, for one particular user (say abc.xyz.o@abc.com.co). While using test as role in service, for this one particular external user, RLS is completely failing and all data is visible to them. We have ensured that they do not have any role(Admin, Member, Contributor, Viewer) in the workspace where we have published this report. We have added this external user using Azure Active Directory. In other cases, RLS is working fine for users in the same domain. Can anyone please advice on this issue?

Labels:
Message 1 of 3
520 Views
0
1 ACCEPTED SOLUTION
v-tangjie-msft
Community Support
Community Support

‎10-06-2022 12:59 AM

Hi  @Anonymous ,

 

I'd like to suggest you check the user table and the username that guest user display on power bi service to confirm if they matches.


Since RLS only works on 'read' permissions users, please also double-check the user permissions on your dataset manage permissions.

 

Once you complete the operation, please refresh your browser page  and make sure the above setting is working.

 

After that, you could call this rest api to refresh users’ permissions to guarantee they’re fully updated.

Users - Refresh User Permissions - REST API (Power BI Power BI REST APIs) | Microsoft Docs

 

You can also refer to the following documents to understand the limitations of rls.

Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn

Row-level security (RLS) with Power BI - Power BI | Microsoft Learn

 

Best Regards,

Neeko Tang

If this posthelps, then please considerAccept it as the solutionto help the other members find it more quickly. 

View solution in original post

Message 3 of 3
464 Views
0
2 REPLIES 2
v-tangjie-msft
Community Support
Community Support

‎10-06-2022 12:59 AM

Hi  @Anonymous ,

 

I'd like to suggest you check the user table and the username that guest user display on power bi service to confirm if they matches.


Since RLS only works on 'read' permissions users, please also double-check the user permissions on your dataset manage permissions.

 

Once you complete the operation, please refresh your browser page  and make sure the above setting is working.

 

After that, you could call this rest api to refresh users’ permissions to guarantee they’re fully updated.

Users - Refresh User Permissions - REST API (Power BI Power BI REST APIs) | Microsoft Docs

 

You can also refer to the following documents to understand the limitations of rls.

Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn

Row-level security (RLS) with Power BI - Power BI | Microsoft Learn

 

Best Regards,

Neeko Tang

If this posthelps, then please considerAccept it as the solutionto help the other members find it more quickly. 

Message 3 of 3
465 Views
0
collinq
Super User
Super User

‎10-05-2022 03:34 PM

HI @Anonymous ,

 

Since you have used RLS in other instances and you understand how it works and you have this setup working properly for other situations I think that this might not be a setup as much as something like a typo.  Since it works in the Desktop, I would first go back to the Service and then the settings and go to the Role where this user is assigned and remove the email address, then save.  And then, type (don't copy/paste just in case there is an unexpected space) the email address into the Role again.  Click Add and Save.

I know you state you have confirmed access in the workspace but what about the Dataset itself? I would also go back to the Dataset's permissions and confirm no Links or Direct Access is inadvertantly in there.  And, I would look at the Security for the Report, Dashboard and Workbook as well to confirm nothing is there in Direct Access, Shared Views or Links.

 




Did I answer your question? Mark my post as a solution!

Proud to be a Datanaut!
Private message me for consulting or training needs.




Message 2 of 3
479 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All