RLS is set at both the data level in the Desktop and then at the Dataset level in the service. I am using the "Username () " DAX function in the desktop to set up a role and join this to a pre-built 2 column table of user ids and Branches each user has access to. The issue is that in the Service, at the dataset, I need to manual add each user. There should be an option to have ALL users applied the RLS.

Default role should be assigned through the PBI service. This is especially important once you have implemented dynamic RLS.

Were you able to find a solution for this issue? I have the same problem...

I agree with this aswell. It should be something like 'User Level Security' where anyone that has not been assigned a role can have their data scoped down by attributes found on the Username () model. For example 'jay.killeen@domain.com' accesses the report and has no role assigned. Behind the scenes PowerBI finds my Username () . Option 1. Username () inner joins on my User model by matching Username () -> User.email. All other models are inner joined on User therefore all data is then scoped down by the single entity User that has been matched by Username () . Option 2. Username () itself in AD has fields such as Division, Region or even Role etc and rules can be set (similar to existing RLS Table Filter rules) that utilise the value of these fields. Under Option 2 you might have a rule on the Region table that sets Region.Code = Username () .RegionCode. This way anyone logging in, that has no role assigned could have filters applied based on the User Level Security filters. I'd then simply be able to set my rules by user and expect my 1000+ members to be scoped down based on those rules and their attributes can be managed centrally in AD. This is how it is done in web frameworks such as Ruby on Rails (see the Pundit Gem or CanCan)

I would very much appreciate this functionality as well. If you have a large userbase that is changing frequently you really need a default role!

Fully agree. This functionality is very much needed to simplify access management.

If the 'Manage Roles' dialog had a 'default' option to set table filters for users who had no role assigned, the problem would be solved from my point of view.

It would also help when trying to give minimal access by default. If no roles were passed, the default role could block most, if not all, data. This would allow you to create reports that require a role in order to see any data instead of the lack of a role showing all data.

Agree to that it is a simple but very helpful feature. Having to add user to a RLS is very cumbersome

It is interesting that when you click 'View as roles' there is a 'None' and an 'Other user'. Other user' is defined nowhere and we don't have the ability to set the rules on it... so why have it? Maybe they are preparing for this feature and allow us to set a rule against 'Other User' that is defined to anyone that has accessed but not yet given a role.