cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
hkealy
Frequent Visitor

Sharing URL and RLS

I have a report which uses RLS.

The RLS also controls which report pages the user can access.

A user with ihgher rights is presented with a page which allows drill down to details

A user with lower rights is presented with a page that does not allow drill down.

I am aware of how to send a Share Link to another user which does not ignore RLS.

It appears however, if I am the user with higher rights and I  am on the report page which allows drill down - if I just copy and paste the URL from the Address Bar of the browser and send to a user with no drill down rights - or even no access to the report - that the URL will work for them and display the report page inheriting my right to drill down therefore.

 

Is there a way of preventing this?

1 ACCEPTED SOLUTION
GilbertQ
Super User
Super User

Hi @hkealy 

 

Yes as mentioned before RLS does not apply to pages. So when you copy the URL you are copying the page to be viewed and the RLS does not apply.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

View solution in original post

3 REPLIES 3
GilbertQ
Super User
Super User

Hi @hkealy 

 

Yes as mentioned before RLS does not apply to pages. So when you copy the URL you are copying the page to be viewed and the RLS does not apply.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

View solution in original post

GilbertQ
Super User
Super User

Hi @hkealy 

 

Please be aware that RLS cannot be applied to pages. It can only be applied to the dataset.


That is why when a link is shared the user will be able to see the page and its contents. You will have to secure the data via RLS on the dataset.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

hkealy
Frequent Visitor

GilbertQ,

Sorry, I should have made my description clearer.

Indeed RLS is applied to the dataset. it is done via an AD group which has been assigned Viewer only access. In addition DAX expressions using the USERPRINCIPALNAME() have been set on the appropriate tables.  The RLS is working as expected. The pbix contains a number of report pages to present to a user.

A user with higher rights is presented with a page containing summary information on which drilldown is enabled to bring them to a different page with the details for that summary. A user with lower rights is presented with a similar but different summary page which does not have drill down available. That is all working .

I am also aware of the optins available when using the Share button to tailor the type of link that can be shared with another user - we have tested those and that works as expected too.

However, my challenge is, if I, as a user with the higher rights navigate to my page allowing drilldown, then copy the URL fro the Address bar of the browser and send that to the user with lower rights, then that isbringing them to the page with drilldown that they are not supposed to see. that copied URL seems to go with the higher rights.

 

This is is the situation that I am asking is it possible to avoid.

Thanks for any advice

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

November Power BI Update 768x460.png

Check it Out!

Click here to read more about the November 2021 Updates!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Top Kudoed Authors