Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Anonymous
Not applicable

Manage the security and RLS for big group of person

Hi guys,

 

Currently, I have to set the security and the RLS of each report manually but I will have soon 60 new users to be added. It could take me a lot of time  if I do manually 60 times, so I would like to know if there  is a way to do it smarter and faster

 

Thank you in advance !

 

2 ACCEPTED SOLUTIONS

For the first time, you need all those 60 people to be grouped somewhere. For this, you should create an active directory group "DOMAIN\MY Group Name" and members in this group. What this will do, you only need to add this group in your Roles/Report Permission. 

 

But this group cannot resolve to user name which is mapped in your RLS configuration (Filtered) table in the data model. you need to add the individual user in that table.

 

This AD grouping thing will solve your hassle of continuously adding individual users in each report. You just need to add the user in the AD group and it will get access to each report which has been permitted to that group.

 

For creating AD Group, you might need help from your System Administrator.







Did I answer your question? Mark my post as a solution! Appreciate your Kudos!!

Proud to be a Super User!




View solution in original post

Yes, that's correct. Perfect







Did I answer your question? Mark my post as a solution! Appreciate your Kudos!!

Proud to be a Super User!




View solution in original post

6 REPLIES 6
Anonymous
Not applicable

@FarhanAhmed @lbendlin 

sorry but I  don't understand what you want to say.

All my roles are set up and now I have to assign the specific roles to 60 peoples and I would like to avoid to do it 60 times.

For the first time, you need all those 60 people to be grouped somewhere. For this, you should create an active directory group "DOMAIN\MY Group Name" and members in this group. What this will do, you only need to add this group in your Roles/Report Permission. 

 

But this group cannot resolve to user name which is mapped in your RLS configuration (Filtered) table in the data model. you need to add the individual user in that table.

 

This AD grouping thing will solve your hassle of continuously adding individual users in each report. You just need to add the user in the AD group and it will get access to each report which has been permitted to that group.

 

For creating AD Group, you might need help from your System Administrator.







Did I answer your question? Mark my post as a solution! Appreciate your Kudos!!

Proud to be a Super User!




Anonymous
Not applicable

Thank you for taking time to answer me . I understand the logic

 

Exemple : I have an AD group named as AD_Test which grouped 60 people who has their own account to log in to the report server.

- If I want them to see the report X, I just need to open rights to the group AD_Test and not to each ID User in the Security tab

- If I want them to see the report X with the role R1, I just need to assign this role to the group AD_Test and not to each ID user in the Row Level Security tab

Capture.PNG

It's right ?

 

Have a good day !

Yes, that's correct. Perfect







Did I answer your question? Mark my post as a solution! Appreciate your Kudos!!

Proud to be a Super User!




FarhanAhmed
Community Champion
Community Champion

Agree with @lbendlin 

 

- Create AD group based on the domain (HR/Finance/Sales etc) OR people accessing reports to differentiate people amongst the organization.

- Assign those groups in Report(s) Permission & RLS Permission.

- You cannot control RLS via Group, you need to have individual users stored in the table and their data role that will be used in Report.

 







Did I answer your question? Mark my post as a solution! Appreciate your Kudos!!

Proud to be a Super User!




lbendlin
Super User
Super User

start assigning RLS roles to distribution groups, not individuals. Consider storing the access rules in a separate table that Power BI can link to.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.