Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

JoshT

Semantic Model Permissions Management Broken

Submitted by Advocate III on ‎02-08-2024 08:06 AM

I have been unable to remove any groups previously granted permissions to a model. Repro steps:

 

Semantic Model > Manage Permissions > Direct Access > Select group > Remove Access

 

JoshT_0-1707407732840.png

Dialogue returns to manage permissions screen with no confirmation, group remains with permissions. Group still remains after refreshing the page. Group is not a member of the workspace, so should be able to be removed from this model.

 

This happened after renaming an AD group - this may be a red herring but I noted that while the updated name displays in Entra and other places on Power BI (e.g. model security page), it does not on the permissions page.

 

This needs to be treated as high priority as inability to remove user permissions on a model constitutes a security breach.

Status: Investigating
See more ideas labeled with:
4 Comments (4 New)
Comments
Anonymous
Not applicable
‎02-08-2024 06:07 PM

Hi @JoshT ,

 

I followed the steps below but it did not reproduce your problem.
1. Created an M365 group named CaitlynM365Group.
2. Added Report A's Semantic Model permission to the group.
3. Rename the M365 group to Caitlyn365 and refresh the semantic model page in workspace. (At this point we notice that the renamed group name is not refreshed)
4. Click Remove access on the manage permission page for this semantic model.
5. Press F5 to refresh your browser and the group disappears from the semantic model's manage permission page. The removal is successful.

 

Some operations in Power BI Service may sometimes have a 15-minute delay before they take effect, so you may check to see if it's working properly now.

 

Best regards.
Community Support Team_Caitlyn

JoshT
Advocate III
Advocate III
‎02-09-2024 12:52 AM

Hi @Anonymous ,

 

I've tried again this morning and while some groups can be deleted now, the renamed group still can't be deleted. Those groups that can now be deleted were not removed after attempts to do so yesterday. I also want to stress that there's no feedback to the user, so even if it were a matter of being a delay, it should be considered a bug.

 

I'm not sure if it matters but the group in question was not an M365 group, it was an AD security group synced  from on premise using AAD Connect.

 

UPDATE: I've tried again, it turns out that checking the boxes to remove access from downstream reports was preventing the groups from being removed. Unchecking these boxes allowed these groups to be removed from the semantic model; I've been able to replicate this behaviour several times:

JoshT_0-1707482964284.png

 

So the point about renamed groups was a red herring, though it should be noted that adding these groups back to the semantic model still displays the old name in the user list.

Anonymous
Not applicable
‎02-12-2024 06:06 PM

Hi @JoshT ,

 

I did a test using security groups based on the information you provided and again, I was able to successfully delete the renamed group .
When I try to re-add the deleted and renamed security group, it shows the new name and everything works fine.

Based on the above information, this issue is complex which may need to collect log files for further troubleshooting. Since community support engineers don't have that access, I would suggest opening a Support Ticket. If you are a Power BI Pro or Fabric licensee, you can create a support ticket for free and a dedicated Microsoft engineer will come to solve the problem for you. 
It would be great if you continue to share in this issue to help others with similar problems after you know the root cause or solution.

 

The link of Power BI Support: Support | Microsoft Power BI

For how to create a support ticket, please refer to How to create a support ticket in Power BI - Microsoft Power BI Community

 

Best Regards,
Community Support Team _ Caitlyn

JoshT
Advocate III
Advocate III
‎02-13-2024 01:26 AM

@Anonymous As I stated in my post above, this doesn't have anything to do with groups being renamed. This occurs when the checkboxes to remove access from downstream articles are checked. The behaviour is repeatable across different datasets and workspaces and I have not been able to remove a group or user from a dataset while these boxes are checked. This is a UI bug and needs to be fixed.

Idea Statuses