Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

ISSUE - Removing App permissions does not remove permissions to underlying data

I have a concerning issue.

 

I’ve been going through and culling the list of people who have access to my published PBI application.  However, when I remove people from the app I get a pop-up that looks like this which seems to indicate that removing their permissions to the “app” does not remove their permissions to the underlying report (and data).

Picture1.png
When I go to each underlying report’s permissions, sure enough ALL the work I put into removing people’s access to the app was completely pointless because their access is retained to the report. The user STILL retains permissions to “Read, reshare, and build” to EACH of the reports that are a part of the app.  This means that I need to remove permissions from the App, and then (one by one) go and remove permissions from each user for each of the 10 reports that I have in my app???

Picture2.png

For clarification, these people (and groups) did not have permissions to the underlying data and reports prior to being given access to the application.  So, the tool propagates permissions when you are granting them, but not when you are removing them.

 

Also, I do not even know why this checkbox is here

lordneeko_2-1614175695820.png

because it does not enable any bulk actions on the permissions list.

 

 

This really needs to be fixed. I will literally spend HOURS removing each individual 1-by-1 from each dataset that is attached to my publushed app.  What SHOULD happen, is their removal from the app subsequently removed them from the dataset as well (unless of course they have designated workspace permissions)

Status: New
Comments
lbendlin
Super User

Fully agree. There needs to be a better way of dataset permission auditing than having to comb through the CreateDataset/Update Dataset tenant audit logs.

v-lili6-msft
Community Support

hi 

This is designed by default in power bi.

Say you've distributed an app from a workspace to a group of people. Later, you decide to remove access to the app for some people. Removing their access to the app doesn't automatically remove their build and reshare permissions. That's an extra step.

 

 

https://docs.microsoft.com/en-us/power-bi/connect-data/service-datasets-build-permissions#remove-bui...

 

and you could submit your feedback in here and vote for it and make it coming soon.

 

Regards,

Lin

lordneeko
Advocate II

 

v-lili6-msft
Community Support

hi 

I also think it should be improved, please share your suggestion in here to help improve it..

 

Regards,

Lin

lordneeko
Advocate II

Sigh... well I thought I was putting this in the correct place.

 

I RESUBMITTED it here

https://ideas.powerbi.com/ideas/idea/?ideaid=e9308822-4a78-eb11-8ced-501ac524afb0

 

Please vote AGAIN

 

btw, I am not a fan of the new Ideas site because you cannot post screenshots or anything else there.  It's pretty limited.