Showing results for 
Search instead for 
Did you mean: 
Frequent Visitor

Row-level Security to Multiple Reports with Same Dataset

Hi folks,
There are two reports on the same dataset, one of them connected to the live dataset. I wish to apply RLS differently on these two reports. Challenge is, since they are on same dataset, Power BI only lets me apply security at a dataset level.

My guess is, if I'm able to find out the report guid in the pbix file (may be via a REST API) during role definition, I can apply an if-else to apply different security rules to these two reports.

My last resort would be to make two copies of datasets, just because there is no way to apply security at a report level.

Please let me know if any of you have some cool ideas on this.
Advocate II
Advocate II

You can implement different RLS for different reports based on one data set. The "trick" if trick it is, is to have more than one column, or, set of columns, which reflect the RLS you wish to implement for a given report. For example, you have 4 rows in your data, and you want to implement two different RLS. RLS 1 says one person can see all four rows, RLS2 says that 4 different people can only see their row.  So, you have two columns, one column has an ID for person who will want to see all four rows in all four rows, the other, has the ID of individuals who can see only that row. You can then make two reports, either the same or different to each other each using one of the two columns to govern RLS. An RLS can use more than one column to define who should see what (generally reflecting organisation hierachies), so, you could have two multi-column based schemes which can then be used to control access to whatever reports are based on the dataset.


An approach like this worked for me in the context of an organisation which has "Premium Workspaces" which gives everyone in the organisation domains the potential to see any report which can then be controlled by direct permissions (defining, restricting if necessary, the extent of the internal population who might potentially want or need to see the report, e.g. a departmental email group or the whole organisation) and then by RLS which restricts report access further according to whatever RLS rules you wish to impose.

Advocate II
Advocate II

Yes I did get it working as I wanted it to in the end although I found the help pages around this subject both confused and confusing at that time, maybe they are better now. As I recall I never was able to "test" the RLS with more than one report myself (which I think MS should fix, maybe they have now) -  so the "test" was publishing it and checking with some selected individuals that they could see what I expected them to see and only that. It seemed to work. I got around authentication probems by making the report available to everyone in my organisations domain (without notifying them) in a "premium workspace", but, then, restricting what any individual could see by using the RLS. The specific, but still, widely spread in the organisation, intended audience were then notified of their access as needed. If someone in the organisation gets a link but isn't in the RLS they see nothing or only the "bones" and textual content of the report. My RLS scheme itself was defined over several fields and it seemed to me that you can have as many fields defining RLS over a dataset as needed. My RLS related to one key field, if you have more than one key, probably that's more complex. So, yes, I think you can have different RLS on the same dataset in a hierarchy. Another level of control is provided by where and how you publish your report. If you have "Premium" workspaces then reports and apps are publishable to your entire organisation or any subset you can define (not RLS as such, but, can be used to the same effect). If not you are restricted to "Workspaces" and "Apps" which I think only those with a Pro license can see which is somewhat limiting. But, even with "Premium" you can choose to publish to a non-premium workspace if it suits your purpose to restrict access only to those with a Pro-License.

Helper II
Helper II

@patilyogesh - did you ever figure out a way to implement this?  We have a LARGE dataset and currently have it duplicated, so I am trying to consoldiate, but one report only shows %'s which all users can have access to see and the other report has actual values, which is limited by RLS.

Advocate II
Advocate II

Although the answer may well be in the three links referenced above, I'd like to ask a related question. Even if one is happy with using the same RLS rules over multiple reports connected to a single separated dataset, how, in the dataset do you test that RLS separaetly with each report to verify it is working as you wish it to. It seems that the testing screen in the dataset connects to one report and shows you the RLS with that but won't let you choose another report. Is there a solution to this on the way, or, an existing workaround? Am I missing something?

Super User
Super User

@patilyogesh wow....this is a great question and a strange request. Thinking about it and not sure how this can be achieved? May be with XMLA R/W but still not sure. I think it is easy to go with duplicate datasets with deploy separate RLS rules but it surely made me think and I will spend some time in the near future. Great great question/challenge.

Did I answer your question? Mark my post as a solution.

Proud to be a Super User! Appreciate your Kudos 🙂
Feel free to email me with any of your BI needs.

@parry2k  Did you find the solution? I need to do the same and it is like a must have thing for me. I can not create two datasets for this. 

Helpful resources

May 2023 update

Power BI May 2023 Update

Find out more about the May 2023 update.

Submit your Data Story

Data Stories Gallery

Share your Data Story with the Community in the Data Stories Gallery.

Top Solution Authors