Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
Maverik91
Helper I
Helper I

RLS Not Applying When Added/Saved from Power BI Report Server, but Works After Re-uploading it

‎07-31-2025 07:44 AM

Hello, Power BI Community,

I am experiencing a critical issue with Row-Level Security (RLS) that seems to depend on the workflow used to apply it. When I configure RLS directly opening in edit mode from Power BI Reporting Service, the security rules do not take effect, even though they appear to be set up correctly.

The security rules only become active after the report is downloaded and then re-published from the Desktop application.

Has anyone else encountered this behavior? Is this a known issue, or am I missing a step when configuring RLS directly in the service?

Any help or insight would be greatly appreciated.

Thank you

Labels:
Message 1 of 6
426 Views
0
1 ACCEPTED SOLUTION
v-venuppu
Community Support
Community Support
In response to Maverik91

‎08-07-2025 06:55 AM

Hi @Maverik91 ,

You are absolutely right: the behavior you are seeing is consistent with a known limitation in Power BI Report Server. When you use the "Edit in Power BI Desktop" feature directly from the Report Server portal and then save back to the server, the RLS roles may not be properly embedded or refreshed in the report metadata - even though the UI shows them as configured.
To ensure RLS  works correctly on Power BI Report Server(Until the issue got fixed):

 Recommended Workaround is as follows:

Download the .pbix file manually from the Report Server.
Edit it in Power BI Desktop (not via “Edit in Power BI Desktop” from the portal).
Save locally, then upload manually back to the Report Server.

This manual upload correctly triggers RLS enforcement, unlike the “Edit from Server and Save” method, which may skip refreshing RLS bindings due to a known issue.

Thank you.

View solution in original post

Message 4 of 6
287 Views
5 REPLIES 5
v-venuppu
Community Support
Community Support

‎08-07-2025 01:08 AM

Hi @Maverik91 ,

May I ask if you have resolved this issue? Please let us know if you have any further issues, we are happy to help.

Thank you.

Message 6 of 6
310 Views
0
v-venuppu
Community Support
Community Support

‎08-04-2025 01:31 AM

Hi @Maverik91 ,

I wanted to check if you had the opportunity to review the information provided and resolve the issue..?Please let us know if you need any further assistance.We are happy to help.

Thank you.

Message 5 of 6
335 Views
0
v-venuppu
Community Support
Community Support

‎08-01-2025 05:24 AM

Hi @Maverik91 ,

Thank you for reaching out to Microsoft Fabric Community.

When you define Row-Level Security (RLS) directly in the Report Server (via browser), it may not apply correctly. Microsoft recommends defining RLS roles in Power BI Desktop using the “Manage Roles” feature.Then, publish the report from Desktop to Power BI Report Server. Avoid editing RLS roles directly in the Report Server UI, especially with DirectQuery models. This ensures the roles are embedded properly and enforced as expected.

 

Please find the below Microsoft documentation for your reference:

Row-level security (RLS) in Power BI Report Server - Power BI | Microsoft Learn

 

Thank you.

Message 2 of 6
374 Views
0
Maverik91
Helper I
Helper I
In response to v-venuppu

‎08-07-2025 01:36 AM

Hi @v-venuppu 

Thank you for your response and for the documentation.

I'd like to clarify the exact procedure I am following, as I believe it points to a specific bug rather than a deviation from best practices. The workflow you described (creating roles in Desktop and then publishing) is what we generally do. The issue arises during subsequent edits.

Here is my exact workflow:

  1. I open the Power BI Report Server portal in the browser.
  2. I navigate to an existing report and select the option to "Edit in Power BI Desktop". This action opens the report in the Desktop application directly from the server.
  3. After making my changes in Power BI Desktop, I use the Save function, which saves the report directly back to the Report Server, overwriting the existing version. This is the integrated and recommended way to update reports.
  4. Following the save, I go to the report's settings in the web portal (Manage > Row-level security) and assign users to the appropriate roles. The interface shows everything is configured correctly.

The Problem: When I follow this specific "edit from server and save back" process, the RLS rules are not enforced at all. Users can see all the data.

The Workaround/Proof of Bug: If I then take that exact same report (which isn't working), download the .pbix file to my local machine, and immediately upload it back to the server, overwriting the report, the RLS starts working perfectly without any other changes.

This behavior leads me to conclude that this is a bug. The server fails to correctly apply the RLS policies when a report is saved directly from Power BI Desktop via the "Edit from Server" feature. However, the manual upload process correctly triggers the security application.

I hope this clarification helps to better define the issue.

Best regards,

Message 3 of 6
303 Views
0
v-venuppu
Community Support
Community Support
In response to Maverik91

‎08-07-2025 06:55 AM

Hi @Maverik91 ,

You are absolutely right: the behavior you are seeing is consistent with a known limitation in Power BI Report Server. When you use the "Edit in Power BI Desktop" feature directly from the Report Server portal and then save back to the server, the RLS roles may not be properly embedded or refreshed in the report metadata - even though the UI shows them as configured.
To ensure RLS  works correctly on Power BI Report Server(Until the issue got fixed):

 Recommended Workaround is as follows:

Download the .pbix file manually from the Report Server.
Edit it in Power BI Desktop (not via “Edit in Power BI Desktop” from the portal).
Save locally, then upload manually back to the Report Server.

This manual upload correctly triggers RLS enforcement, unlike the “Edit from Server and Save” method, which may skip refreshing RLS bindings due to a known issue.

Thank you.

Message 4 of 6
288 Views

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All