Agreed. Users should be able to create RLS and then immediately obtain the Reader role on a Dataset when published up to the service. If more than a reader role is needed then and only then would the solution owner would manage that exception. The norm should be the assignment of Reader. This would eliminate the multiple steps it takes and make it easier for all.

Internal users roles can easily be managed by O365 groups. role called 'Department' - single member in PowerBI: department@company.com managing actual users to be members of department@company.com distribution group will propagate to powerBI just fine. me@company.com is member of department@company.com group - I am automatically member of 'Department' role (and see data based on this role DAX filtering) If you are to grant read only access to anyone outside of the company - user is not part of "@company.com" he/she will not match anything in local groups. Solution would be to allow wildcards as members of custom role: lets say custom role named "Everyone" - with one member: * - effectively matching everyone. With this setup, role named 'None' as visible in PowerBI Desktop will have no members (every user is forced to be member of "Everyone" role - unless matching filter for other roles) Another option would be to allow DAX filtering on 'None' role (currently not possible).

Yes! I agree. This feature is very important. Makes it easier for dynamic role management. I have created a dynamic relationship manager role in my Power BI report but it appears I have to manually add the users to the RM role before it allows them access.

Hi, its possible to do this! Just create a role that has full view, and in the service environment security settings add "Everyone" to the role.

Are we still talking about this? Or is there some new way to do this since my last comment over 2 years ago? I still think it is funny that, there is all these 'data security' features that only work if you assign a role to someone. If someone doesn't have a role... all cool? Just give them all the data. Go to all the effort to maintain hundreds of users, then that 1 that gets missed walks away with the entire dataset. Sweet.

This is a badly needed feature for data security. RLS exists to protect data. Having no default role that can be applied when a user is not a member of assigned groups means all of your data protection is lost in the event that users are not correctly managed outside of Power BI (and with very large enterprises, this can be very challenging to ensure). I think in most cases, users would want the default to be access to nothing, but as it stands, the default gives users access to everything (because RLS is only applied for users belonging to specified groups).

Please get on this soon. My company is extremely large and manually adding users every time a report is shared is extremely cumbersome in a software that is meant to help automate processes. It should be an option to toggle a default role and assign default permissions every time a new user is granted access so other users can share reports freely while still maintaining security for the more sensitive information. I currently have to disable sharing because otherwise when a report is shared they won't see anything if not assigned to a role and will assume powerbi isn't working. Most don't know they need to ask to also be added to a role.

Unbelievable that PowerBI still doesn't have this issue covered... Just give us default READER role that anyone will be granted straightaway so we can prevent the secure data to be seen !

Cannot believe there still isnt a solution for this , adding individuals to roles each time is simply to big an issue.
Obviously there is a work around otherwise Microsoft themselves would be asking for it given the number of employee they have.
Simple allow a default role to be assigned to a role in the service, that every users is assigned to without needing anyone to enter this, they can then just maintain the sub-sets ie managers who get additional access.  Surely not a big job to do.

This is a duplicate of "add a default role for row level security" https://ideas.powerbi.com/ideas/idea/?ideaid=27a0e121-51c0-4909-94c2-a1dc472a4a49