I setup a report in a workspace with RLS and configured all the properties / data model as per the MS manual, then I added a group to that workspace as Viewer and in the security options of the dataset. Problem is that a single user of this group is able to see all the data and bypass the RLS. I have not granted this user access to the report or dataset.
This is really strange cause with all other users of that group RLS are ok, so I tried to replicate the issue in a new workspace and i understood that if i first assign the workspace Member role to this user and then i change the role as Viewer or I completely remove this user from the workspace, he is still able to see all reports and data. It looks like something is not in sync.
1. "first assign the workspace Member role to this user and then i change the role as Viewer or I completely remove this user from the workspace" there may be a delay in this series of operations, please try again after a while.
2. Maybe you have added the user in a group, you removed the user individual from member, but the group is still in an edit role of the workspace.