Solved: Re: Power BI Scanner API: RLS Information

IMett · ‎01-26-2024

Hi everyone,

I am trying to obtain information about Row Level Security configuration from the Scanner API, as described here:
https://learn.microsoft.com/de-de/rest/api/power-bi/admin/workspace-info-get-scan-result

The scan actually works, however concerning RLS Usage I have noticed, that roles names are only returned when there is at least one member assigned to the role. Otherwise I get a null value in the "roles" column for the whole dataset, even for those where I know and actually see that there are RLS roles configured.

Unfortunately this is exactly the case which I want to monitor: whether there are any configured roles without any users assigned to them which is usually a mistake.

Does anyone experience the same behaviour? Is the issue maybe known to the product team?

DAC15 · ‎02-05-2024

@IMett,

Not sure if its updated recently but I can see roles without members in our PowerBI scans.

Something like -

"roles": [

{
"modelPermission": "Read",
"name": "RoleName",
"tablePermissions": [
{
"filterExpression": "<my filter condition>",
"name": "TablePermissionName"
}
]
},
{
"modelPermission": "Read",
"name": "New role"
}

]

One note, we are scanning with lineage, datasetSchema and datasetExpressions parameters as true.

View solution in original post

IMett · ‎02-01-2024

Hi @DallasBaba
That does not help, sorry. The article does only explain how to access the Scanner API Call in general. I asked a very specific question.

DAC15 · ‎02-05-2024

@IMett,

Not sure if its updated recently but I can see roles without members in our PowerBI scans.

Something like -

"roles": [

{
"modelPermission": "Read",
"name": "RoleName",
"tablePermissions": [
{
"filterExpression": "<my filter condition>",
"name": "TablePermissionName"
}
]
},
{
"modelPermission": "Read",
"name": "New role"
}

]

One note, we are scanning with lineage, datasetSchema and datasetExpressions parameters as true.

IMett · ‎02-05-2024

Hi @DAC15
Thanks for your reply, that was very helpful. Then I probably have some kind of ETL mistake on my side, i will double-check that.
I am also using all paramters for the scan.

DAC15 · ‎02-05-2024

👍I think you may want to check a step where you are flattening this JSON data. While getting lower level of data e.g. in Roles --> members hierarchy, if you query for members, that query might not return those roles without members.

DallasBaba · ‎01-26-2024

@IMett I am not sure if anyone else has experienced the same behavior.

However, I found a Microsoft Learn article that explains how metadata scanning facilitates governance over your organization’s Power BI data by making it possible to quickly catalog and report on all the metadata of your organization’s Power BI artifacts.

Let me know if this works for you. @ me in replies, or I'll lose your thread!!!
Note:

If this post is helpful, please mark it as the solution to help others find it easily. Also, if my answers contribute to a solution, show your appreciation by giving it a thumbs up!

Best Regards,
Dallas.

Power BI Scanner API: RLS Information

Helpful resources

Microsoft Fabric Learn Together

Power BI Monthly Update - April 2024

Fabric Community Update - April 2024