Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

RLS overwritten when republishing a Power BI report

‎05-29-2016 11:38 PM

At the moment, it is apparent that role level security is defined at the dataset level on the powerbi service. So each time the report is republished from the PBI desktop, existing RLS setup will be overwrittern and will have to be re-created, which is not a possible solution if you have a dozen roles with 10-20 users in each role. I am using direct connect or import from a SQL server database source directly (so no SSAS involved). Just wondering how you guys get around this and make the process less painful?

 

Thanks.

Labels:
Message 1 of 5
2,957 Views
0
2 ACCEPTED SOLUTIONS
ankitpatira
Community Champion
Community Champion

‎05-30-2016 03:39 AM

 @Anonymous Feature is still in BETA so unfortunately it will be overwritten. If you can't manage to recreate roles then you should consider using UPN in RLS in power bi. I'll try give you an example.

 

Say you have a employee data and employee belongs to department. In your data source create UserSecurity table with users email address and department (departmentID, basically identifier for department). Then join that departmentID with tables in your actual data tables. Create a single role in RLS and add all your power bi users in that role. Under RULES tab, select UserSecurity table and apply rule as [EMAIL] = Username(). Username() returns logged in power bi user email address. From UserSecurity table, departmentID for that returned username will be matched with departmentID in all your actual tables and dashboard will be filtered.

 

Hope that make sense!

 

View solution in original post

Message 2 of 5
3,490 Views
0
v-yuezhe-msft
Employee
Employee
In response to Anonymous

‎05-31-2016 12:51 AM

Hi pbuser,

Firstly, as per this blog, you can assign AAD groups (security groups and distribution lists) to a role, which makes it easier to assign roles to a large group of users at once.

Secondly, you will still need to re-create Row Level Security (RLS) after republishing report to Power BI service even if you use USERNAME () function with RLS.

Thirdly, the RLS feature at this stage is still in preview mode, regarding to the limitation that you will loose all row-level security after republishing report, you can submit a idea ( for example, make it possible to back up roles and restore roles after republishing report) on the Power BI Idea forum: https://ideas.powerbi.com/forums/265200-power-bi-ideas  .

 

Thanks,
Lydia Zhang

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 5
3,461 Views
0
4 REPLIES 4
ankitpatira
Community Champion
Community Champion

‎05-30-2016 03:39 AM

 @Anonymous Feature is still in BETA so unfortunately it will be overwritten. If you can't manage to recreate roles then you should consider using UPN in RLS in power bi. I'll try give you an example.

 

Say you have a employee data and employee belongs to department. In your data source create UserSecurity table with users email address and department (departmentID, basically identifier for department). Then join that departmentID with tables in your actual data tables. Create a single role in RLS and add all your power bi users in that role. Under RULES tab, select UserSecurity table and apply rule as [EMAIL] = Username(). Username() returns logged in power bi user email address. From UserSecurity table, departmentID for that returned username will be matched with departmentID in all your actual tables and dashboard will be filtered.

 

Hope that make sense!

 

Message 2 of 5
3,491 Views
0
Anonymous
Not applicable
In response to ankitpatira

‎05-30-2016 04:20 AM

@ankitpatira it makes perfect sense. But 2 questions remain.

1. how do you easily add all powerbi users (say from 30 - 200 users) in the role? Is there any built-in group on Power BI similar to everyone group or All users  AD group I can use? Or I have use office 365 somehow?

2. Are you implying we will still have to re-create the RLS but in this case we only need to configure one role rather than multiple roles.

 

Thanks.

 

Message 3 of 5
2,940 Views
0
v-yuezhe-msft
Employee
Employee
In response to Anonymous

‎05-31-2016 12:51 AM

Hi pbuser,

Firstly, as per this blog, you can assign AAD groups (security groups and distribution lists) to a role, which makes it easier to assign roles to a large group of users at once.

Secondly, you will still need to re-create Row Level Security (RLS) after republishing report to Power BI service even if you use USERNAME () function with RLS.

Thirdly, the RLS feature at this stage is still in preview mode, regarding to the limitation that you will loose all row-level security after republishing report, you can submit a idea ( for example, make it possible to back up roles and restore roles after republishing report) on the Power BI Idea forum: https://ideas.powerbi.com/forums/265200-power-bi-ideas  .

 

Thanks,
Lydia Zhang

Community Support Team _ Lydia Zhang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 4 of 5
3,462 Views
0
Anonymous
Not applicable
In response to v-yuezhe-msft

‎06-08-2016 10:45 PM

@v-yuezhe-msft Thanks for the infor about the AAD group assignment to a role. Just a bit off topic, can we assign AAD group to a Power BI group? Or can we reuse existing AAD groups without creating them in Power BI?

Message 5 of 5
2,890 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All