Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

davide_crescini

User has access to report and can bypass RLS even after removing access from workspace

Submitted by on ‎03-21-2023 07:45 AM

Hi All,

 

I setup a report in a workspace with RLS and configured all the properties / data model as per the MS manual, then I added a group to that workspace as Viewer and in the security options of the dataset. Problem is that a single user of this group is able to see all the data and bypass the RLS. I have not granted this user access to the report or dataset.

 

This is really strange cause with all other users of that group RLS are ok, so I tried to replicate the issue in a new workspace and i understood that if i first assign the workspace Member role to this user and then i change the role as Viewer or I completely remove this user from the workspace, he is still able to see all reports and data. It looks like something is not in sync.

Any idea?

 

Thanks in advance for your support!

Status: Investigating

Hi @davide_crescini ,

I think there could be two reasons.

1. "first assign the workspace Member role to this user and then i change the role as Viewer or I completely remove this user from the workspace" there may be a delay in this series of operations, please try again after a while.

2. Maybe you have added the user in a group, you removed the user individual from member, but the group is still in an edit role of the workspace.

 

Best regards,

Community Support Team_kalyj

See more ideas labeled with:
1 Comment (1 New)
Comments
v-yanjiang-msft
Community Support
Community Support
‎03-22-2023 12:04 AM
Status changed to: Investigating

Hi @davide_crescini ,

I think there could be two reasons.

1. "first assign the workspace Member role to this user and then i change the role as Viewer or I completely remove this user from the workspace" there may be a delay in this series of operations, please try again after a while.

2. Maybe you have added the user in a group, you removed the user individual from member, but the group is still in an edit role of the workspace.

 

Best regards,

Community Support Team_kalyj

Idea Statuses