Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
Peter_23
Advocate II
Advocate II

RLS and App

‎10-10-2024 08:36 PM

Hi there, I developed a dashboard with three report (tabs: world, country, state ) and RLS inside one workspace, with the help of power bi forums. Successfully!

 

In my configuration (RLS), I have three groups:  1.Administrator role, 2 country role, 3 state role.

 

And now, I need to create an app with the same dashboard and restriction, e.g.  Administrator can see all tabs,  country role  -> country tab;  state role -> state tab.

 

So is this possible to apply the above configuration with RLS activate, the same groups as audiences? Any consideration to take care?

 

I mean If my user "Bob" with  state role rls (state group) , in the app  should be one tab which is state report and the same time rls filtering data access to him.

 

Thanks in advance.

🙂

Message 1 of 11
462 Views
1 ACCEPTED SOLUTION
Ritaf1983
Super User
Super User
In response to Peter_23

‎10-14-2024 06:57 PM

Hi @Peter_23 

It’s important to understand that there is no direct link between RLS (Row-Level Security) and App Audience settings because one controls row filtering, while the other determines which reports or pages are visible in the app.

RLS is designed to filter data based on user permissions, meaning users will only see the rows they are authorized to view within the report. On the other hand, App Audience settings control which reports or pages users can access in the app.

Both mechanisms operate independently:

  • RLS filters the content within the report based on permissions.
  • App Audience manages access to specific reports or pages within the app.

To ensure everything is working as expected, here are the checks you should perform:

  1. Workspace Access: If the test group has access to the workspace, they will be able to see all reports, regardless of the app audience settings. Make sure the test group does not have direct workspace access, and only access the reports through the app.

  2. App Audience Settings: Ensure that the test group is correctly configured in the audience that can only see the "Country" report and not the "State" report. Audiences must be accurately defined to prevent access to restricted content.

  3. RLS Validation: Verify that RLS is properly configured on both reports, and that the test group is filtered correctly for each report so that users only see the data they are permitted to view.

    If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile

View solution in original post

Message 8 of 11
275 Views
10 REPLIES 10
anmolmalviya05
Memorable Member
Memorable Member

‎10-10-2024 08:51 PM

Hi  , 

This setup can be configured through Power BI Apps with audiences. Here's how you can do it:

 

Create Audiences in the app settings:

Audience 1: Administrator.

Audience 2: Country role.

Audience 3: State role.

anmolmalviya05_0-1728618698300.png

 

Did I answer your question? Mark my post as a solution! Appreciate your Kudos !!

 

Let's Connect on LinkedIn: https://www.linkedin.com/in/anmol-malviya/?originalSubdomain=in

 

@Peter_23

Message 10 of 11
439 Views
Peter_23
Advocate II
Advocate II
In response to anmolmalviya05

‎10-10-2024 09:42 PM

Hi @anmolmalviya05  thanks, you suggested  me the same groups for both functions?

Message 11 of 11
388 Views
0
Ritaf1983
Super User
Super User

‎10-10-2024 08:51 PM

Hi @Peter_23 

n Power BI Apps, it is not possible to apply RLS in a way that restricts access to specific pages or tabs within a report in the app.

However, within an app, you can use the Audience feature to define which groups can see specific reports or sections of the app. The Audience feature allows you to create different audiences, each with access to different reports or content within the app, but it does not control access to individual pages within a report.

Therefore, the solution would be to create separate reports for each role (e.g., one report for "state" and another for "country") and include them as separate objects within the app. You can then use the audience settings to determine who can see what.

The guide for the audience settings:

https://www.youtube.com/watch?v=nchNa44o2D4

(from minute 3)

If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile
Message 2 of 11
441 Views
Peter_23
Advocate II
Advocate II
In response to Ritaf1983

‎10-10-2024 09:39 PM

Hi @Ritaf1983  yes, It will be two reports (state and country)  inside the app. So in the app could be work the RLS together? App level security and RLS security  🤔

 

Message 3 of 11
391 Views
0
Ritaf1983
Super User
Super User
In response to Peter_23

‎10-10-2024 09:47 PM

Hi @Peter_23 

There is no connection between RLS and the app audience.

The app audience defines who can see the report or a section of the report.
RLS (Row-Level Security) is used to filter rows.

These are two completely separate settings that do not affect each other.

If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile
Message 4 of 11
386 Views
Peter_23
Advocate II
Advocate II
In response to Ritaf1983

‎10-14-2024 06:55 AM

Thanks @Ritaf1983  when you publish the app. is it available to anybody in organization or only to audiences?    If it's to anybody, is there a posibility to restrict to audiences?

Message 5 of 11
314 Views
0
Ritaf1983
Super User
Super User
In response to Peter_23

‎10-14-2024 07:22 AM

Hi @Peter_23 
Only to audiences.

If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile
Message 6 of 11
308 Views
Peter_23
Advocate II
Advocate II
In response to Ritaf1983

‎10-14-2024 11:55 AM

@Ritaf1983 I have a update topic, so my configuration is: test user -> test group . I created: one report for "state" and another for "country" inside the app the restriction is "state" NOT viewing to  "test group". "Country" is allow to "test group".  Same workspace.

RLS is activate with "test group" to filter rows allowed. (both reports, same configuration)

IF I do testing with RLS in any reports with test group and viewer role in workspace.  It's works fine.

IF I do testing  with only  APP with test group. It allow to view  "Country" report. It's fine.

 

And finally

Test One:

with APP and RLS together with same test group. The audiencies do not working, show me all reports, but the RLS is working!  😞   I figure out because the group have access to workspace.

 

Test two

Remove access to test group in workspace, but I didn't access to APP, thorugh the share link show me: "Let's get your permission to view this app" ...

 

Is there a missing option configuration to works together (APP and RLS)?   eg. "Allow people to share the datasets in this app audienced".. "allow people to build content.."

 

Or do am I have two separe groups: one for audiences and one for RLS?

 

thanks in advance.

 

 

 

Message 7 of 11
292 Views
0
Ritaf1983
Super User
Super User
In response to Peter_23

‎10-14-2024 06:57 PM

Hi @Peter_23 

It’s important to understand that there is no direct link between RLS (Row-Level Security) and App Audience settings because one controls row filtering, while the other determines which reports or pages are visible in the app.

RLS is designed to filter data based on user permissions, meaning users will only see the rows they are authorized to view within the report. On the other hand, App Audience settings control which reports or pages users can access in the app.

Both mechanisms operate independently:

  • RLS filters the content within the report based on permissions.
  • App Audience manages access to specific reports or pages within the app.

To ensure everything is working as expected, here are the checks you should perform:

  1. Workspace Access: If the test group has access to the workspace, they will be able to see all reports, regardless of the app audience settings. Make sure the test group does not have direct workspace access, and only access the reports through the app.

  2. App Audience Settings: Ensure that the test group is correctly configured in the audience that can only see the "Country" report and not the "State" report. Audiences must be accurately defined to prevent access to restricted content.

  3. RLS Validation: Verify that RLS is properly configured on both reports, and that the test group is filtered correctly for each report so that users only see the data they are permitted to view.

    If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile
Message 8 of 11
276 Views
Peter_23
Advocate II
Advocate II
In response to Ritaf1983

‎10-16-2024 08:56 PM

Thanks @Ritaf1983  I have no chane of a look at configuration. I will do.

Message 9 of 11
243 Views

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All