Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Jolien
Advocate I
Advocate I

Security on multiple reports in one app

‎02-14-2020 03:29 AM

Kind stranger,

 

I've created multiple reports (each with their own dataset) in one workspace. I've published them in the same app, but now I'd like to add restrictions to who can see which report.

 

To make matters concrete:

  • Workspace CustomerName
  • Reports in CustomerName
    • General Report
    • Management Report
  • Datasets in CustomerName
    • General Reporting
    • Management Reporting

I've applied RLS to the General Report, so project managers can only see data for their onw projects.

However, the current situation allows them to see all data in the management report.

I'd like to add security to the reports, so only a select group of people (management) can see both reports and all other users (project managers) can only see the general report (with RLS applied).

 

Can anyone help me with this?

Labels:
Message 1 of 7
2,285 Views
0
1 ACCEPTED SOLUTION
Jolien
Advocate I
Advocate I

‎02-27-2020 09:36 AM

I eventually solved this by creating 2 workspaces, adding each report to its own workspace and restricting access to the apps built on the workspaces.

I've made 2 links available, one to the management-app and one to the general-app. Each person will get a "restricted" error on one of both links (on which one depends on their profile).

 

Thank you for the provided help!

 

Kind regards,

Jolien

View solution in original post

Message 6 of 7
2,188 Views
0
6 REPLIES 6
Alastair
New Member

‎11-18-2020 01:56 PM

Would it have been feasible to feature engineer a new column(s) with row security classes as categorical values?

Message 7 of 7
1,892 Views
0
Jolien
Advocate I
Advocate I

‎02-27-2020 09:36 AM

I eventually solved this by creating 2 workspaces, adding each report to its own workspace and restricting access to the apps built on the workspaces.

I've made 2 links available, one to the management-app and one to the general-app. Each person will get a "restricted" error on one of both links (on which one depends on their profile).

 

Thank you for the provided help!

 

Kind regards,

Jolien

Message 6 of 7
2,189 Views
0
nickyvv
Community Champion
Community Champion

‎02-14-2020 04:13 AM

Hi @Jolien,

I think the option that would work is the following:

You can leave everything in the same workspace. But publish the app without the Management report. Then give management the Viewer Role on the workspace. They will be able to view the contents of the workspace (both reports), and the rest will only see the General Report in the app.

Let me know if that works for you. I'm not sure if everyone has a pro license or that you use Premium capacity, that's not clear from your question. But this should work, regardless of how you have implemented it now.

 

Did this help you or did I answer your question?
Then please give kudos or mark my post as a solution!
My blog: nickyvv.com
Twitter: @NickyvV



Did I answer your question? Mark my post as a solution!

Blog: nickyvv.com | @NickyvV


Message 2 of 7
2,275 Views
0
Jolien
Advocate I
Advocate I
In response to nickyvv

‎02-14-2020 05:08 AM

Hi @nickyvv ,

 

Thank you for your quick reply.

That sounds like a good workaround, but to me it kind of defies the use of the app as management would have to go from the app to the workspace every time. Isn't there a solution that doesn't require them to leave the app?

Most of them have no experience at all with the workspace + navigating from app to workspace is quite tiresome.

 

Kind regards,

Jolien

Message 3 of 7
2,264 Views
0
v-xuding-msft
Community Support
Community Support
In response to Jolien

‎02-16-2020 10:33 PM

Hi @Jolien ,

You could assign contributor or member roles to the group of people (management). They can view all the reports in the workspace because of editing capability. And you could add other users (project managers) to a viewer role.  Then add the group of people (management) in the security of the reports that you don't want users to view. In this way, project managers will get the error massage below in those reports.

3.PNG

It is a little complicated way. In Service, there is not an option can hide reports or make users not view reports directly. So, hope this can help you.

 

Best Regards,

Xue Ding

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Best Regards,
Xue Ding
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 4 of 7
2,229 Views
0
Jolien
Advocate I
Advocate I
In response to v-xuding-msft

‎02-20-2020 05:14 AM

Hi @v-xuding-msft ,

 

Thank you for your help.

 

Now I have:

  • Workspace Acces:
    • Admins -as- Admin
    • Management -as- Viewer
    • Project Managers - Not added
  • General Reporting (dataset) Security:
    • Role: Project Manager  - Added Project Managers
  • General Reporting (dataset) Permissions:
    • Admins -as- Admin (Owner)
    • Management -as- Viewer, App (build)
    • Project Managers -as- App
  • Management Reporting (dataset) Permissions:
    • Admins -as- Admin (Owner)
    • Management -as- Viewer, App (build)
    • Project Managers -as- App
  • App Permissions:
    • Specific individuals or group - Added Project Managers (build permission unchecked)

I've checked with a PM and if I don't add him to the app permissions, he gets an error saying something like "you don't have enough access, request permission". If I do add him (as per above), he can still see both the general report (with only data from his projects) and management report (with all data from all projects). What am I doing wrong?

 

Plus, doesn't the "(build)" in the dataset permissions mean they have too much access? I don't want management to edit reports, only read them. It seems like I can't remove the build access without removing them from the workspace.

Message 5 of 7
2,215 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All