The RLS also controls which report pages the user can access.
A user with ihgher rights is presented with a page which allows drill down to details
A user with lower rights is presented with a page that does not allow drill down.
I am aware of how to send a Share Link to another user which does not ignore RLS.
It appears however, if I am the user with higher rights and I am on the report page which allows drill down - if I just copy and paste the URL from the Address Bar of the browser and send to a user with no drill down rights - or even no access to the report - that the URL will work for them and display the report page inheriting my right to drill down therefore.
Indeed RLS is applied to the dataset. it is done via an AD group which has been assigned Viewer only access. In addition DAX expressions using the USERPRINCIPALNAME() have been set on the appropriate tables. The RLS is working as expected. The pbix contains a number of report pages to present to a user.
A user with higher rights is presented with a page containing summary information on which drilldown is enabled to bring them to a different page with the details for that summary. A user with lower rights is presented with a similar but different summary page which does not have drill down available. That is all working .
I am also aware of the optins available when using the Share button to tailor the type of link that can be shared with another user - we have tested those and that works as expected too.
However, my challenge is, if I, as a user with the higher rights navigate to my page allowing drilldown, then copy the URL fro the Address bar of the browser and send that to the user with lower rights, then that isbringing them to the page with drilldown that they are not supposed to see. that copied URL seems to go with the higher rights.
This is is the situation that I am asking is it possible to avoid.