Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Request now

Reply
POSPOS
Post Partisan
Post Partisan

Issue : RLS is getting bypassed

‎09-30-2025 09:16 AM

Hi,

I am creating a report which has row level security and page level security.

I have three pages in the report.

Page 1 has row level security(to see only the data they have access to) and page level security (hide page 2 and 3)

Page 2  page level security (hide page 1 and 3), no row level security (they see all data)

Page 3 has row level security(to see only the data they have access to) and page level security (hide page 1 and 2)

 

I created three RLS for this:  RLS_Page1, RLS_Page2, RLS_Page3

 

When I tst this by assigning a user to only one RLS at a time it works,

When I test this by assigning a user to RLS_Page1 and  RLS_Page3, it works

Issue: Issue here is if I assign user to RLS_Page1 and RLS_Page2,  or RLS_Page3 and RLS_Page2,  they the row level secutity is being bypassed.

 

How can I fix this?

 

Thank you

 

Labels:
Message 1 of 3
221 Views
0
1 ACCEPTED SOLUTION
ivana_tomekova
Advocate I
Advocate I

‎09-30-2025 09:34 AM

Problem is, that RLS_page 2 gives access to everything, as I understood it... if one user is in multiple RLS groups, RLS filters become additive... so if based on Page2 RLS they can see everything, this is then applied also to Page 1 and Page 3...

 

When you're considering the permission needs for a single report user, strive to create a single role that grants all those permissions, instead of a design where a report user will be a member of multiple roles. It's because a report user could map to multiple roles, either directly by using their user account or indirectly by security group membership. Multiple role mappings can result in unexpected outcomes.

 

Therefore, you need to choose between creating fewer roles or achieving the desired effect.


More in MS documentation here: Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn

View solution in original post

Message 2 of 3
200 Views
2 REPLIES 2
ivana_tomekova
Advocate I
Advocate I

‎09-30-2025 09:34 AM

Problem is, that RLS_page 2 gives access to everything, as I understood it... if one user is in multiple RLS groups, RLS filters become additive... so if based on Page2 RLS they can see everything, this is then applied also to Page 1 and Page 3...

 

When you're considering the permission needs for a single report user, strive to create a single role that grants all those permissions, instead of a design where a report user will be a member of multiple roles. It's because a report user could map to multiple roles, either directly by using their user account or indirectly by security group membership. Multiple role mappings can result in unexpected outcomes.

 

Therefore, you need to choose between creating fewer roles or achieving the desired effect.


More in MS documentation here: Row-level security (RLS) guidance in Power BI Desktop - Power BI | Microsoft Learn

Message 2 of 3
201 Views
lbendlin
Super User
Super User
In response to ivana_tomekova

‎09-30-2025 02:46 PM

Page level security does not exist.  Create separate reports for separate audiences.

Message 3 of 3
155 Views
0

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All