Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
Hello,
I need very important help about a report server instance.
This server is used by a lot of people. They all open a report where RLS allow them to see only some data. I have some special users who must see some more information, completely hidden to the previous "not-special" ones, who must not even know they exist.
So, I think I have 2 choices:
I don't think the first one is possible, I read I can't hide pages to users within a report. So, I think I need to choose the second one, but I don't know how to hide the report to the common users. They must not know it exists.
I'd hear any other proposal with pleasure, of course. It's a do-or-die aspect I need to fix.
Thank you so much for your help.
Nick
Solved! Go to Solution.
Apologies that was bit of a rubbish explanation
When you deploy/save a PBIX form PBI Desktop you get to browse the folders on your PBI-ReportServer.
You can create folders on your PBI-ReportServer using the web front end. Usually http:\\yourservername\Reports\
You could create a folder called MyReportSubjectArea and then inside that folder create another folder called MyReportSubjectAreaSuperUsers. You can set security at folder level so restrict the MyReportSubjectArea folder to your main users and MyReportSubjectAreaSuperUsers to the more restricted set o users (we use AD groups to do this as it's way easier to add people to AD groups than adding and removing individual users via the SSRS web front end. (SSRS is the underlying server tech for PBI-ReportServer)
If you don't have any permissions on a folder you don't see it and can't access the contents even if someone sends you a link.
This page is about configuring SSRS security
Yeah. I think you need a separate report. In a separate folder in SSRS with its own security group/restrictions. This is just simpler to manage, though you may well need to copy logic across the reports...
Hi @Anonymous and thanks for your answe.
Sorry I still don't understand what SSRS is. For what I know, you mean I need to create in PBIRS a separate folder with the special report? And there you tell me I can set security restrictions? What would my common users see? They see the folder but can't open it? Or what else?
Thank you very much
Nick
Apologies that was bit of a rubbish explanation
When you deploy/save a PBIX form PBI Desktop you get to browse the folders on your PBI-ReportServer.
You can create folders on your PBI-ReportServer using the web front end. Usually http:\\yourservername\Reports\
You could create a folder called MyReportSubjectArea and then inside that folder create another folder called MyReportSubjectAreaSuperUsers. You can set security at folder level so restrict the MyReportSubjectArea folder to your main users and MyReportSubjectAreaSuperUsers to the more restricted set o users (we use AD groups to do this as it's way easier to add people to AD groups than adding and removing individual users via the SSRS web front end. (SSRS is the underlying server tech for PBI-ReportServer)
If you don't have any permissions on a folder you don't see it and can't access the contents even if someone sends you a link.
This page is about configuring SSRS security
Sorry @Anonymous
I accepted your answer as a solution as I thought it would work, but now I am in trouble again with the same issue. Hope you read my topic once again. I create a folder with my "public" report and then in this folder I create another folder with the "more private" report. I have 2 users: the first is system administrator and has every possible roles in both folders, so he can visualize everything, the second one instead has no role in site settings, he has no roles in folder management too, he just has a row-level role in the "public" report where he sees what's right for him, while he can open the "private" report but no data is shown.
It's not good to me, I need the second user not to see the second folder with the private report at all!!
Pray you or someone can help me.
Thank you so much
Create a new role (site settings security). Add your sysadmin to this role. Now "manage" the "private folder" you created and customise its security so only the new role has access.
Your sysadmin shoudl be able to see the folder, your other login shouldn't. Add your other login to the role and the folder shoudl appear for them. Remove them and it shoudl vanish. Sometimes you have to kill the browser to get the fresh permissions as some of this stuff gets cached.
regards
S
Thank you @Anonymous
Well it doesn't work or I didn't understand your hint.
I can create a new system role, but it depends on what activities I allow it on Reporting Services. Then, where should I add my sysadmin to this role? In Site settings on Report Server on in SQL? I don't know if you mean my super user on Power BI Report Server or SQL sysadmin. I don't even know how to manage the private folder so that only new role has access, as well. I thought I need an item level role, or not?
Thank you once again.
Nick
Sorry that was obviously a poor explanation. I can't produce a more detailed guide with screen shots at the moment as I'm no longer working with PBI on premise at my new company and haven't got access to an instance here.
It's basically the same as SSSR server so these two links should point you in the right direction.
http://www.andrewmosey.com/hiding-ssrs-folders-from-users
https://www.youtube.com/watch?v=d2E6B3TTUYg
The video is an older version of SSRS so looks pretty different but the fucntionality/approach is the same.
This is all about the users on the PBI ReportServer. So you need to log on as that user on a client machine and browse to the PBI ReportServer as that user to see the effect. If you're an admin on the PBI Report Server you get to see pretty much everything all the time.
regards
Steve
We actually use AD groups for this. So we assign the AD group to the role in SSRS/PBI-SSRS and then assign users into the AD group. But for testing it using a specific user login will work. It just gets difficult to maintain with lots of user
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
3 | |
3 | |
1 | |
1 | |
1 |
User | Count |
---|---|
5 | |
5 | |
4 | |
4 | |
4 |