Skip to main content
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Frequent Visitor

Azure Active Directory Power BI Security group management by Super Users for RLS

Hello All and thank you in advanced,


I have been searching online without much luck around the topics of Azure Active Directory secuirty group self-management by end-users for RLS. 


Essentially to not bottle neck end users, I am looking for suggestions on allowing certain users in my Active Directory to manage thier own departemnts Secuirty Groups for a workspace or the ability for data domain owners to manage secuirty group accesses to semantic models. Could someone point me in the right direction, I am not finding anything, nor can think of any elegant solutions. 


My idea here is to pre-define the security groups for Semantic Model's RLS, and or Secuirty Groups for Workspaces, then give Data domain owners/admins of workspaces rights in active directory to manage their respective secuirty groups.


But this solution open a small sliver of our AAD to end-users, and also end-users would need to go to yet another app to perfrom their jobs.


Is there anything more elegent that anyone has seen? 

Super User
Super User

Don't you have UAM (user access management) tools in your company that handle this PDL management for you?

View solution in original post

Frequent Visitor

@lbendlin  You pointed me to the right direction!

I have found this article: Set up self-service group management - Microsoft Entra ID | Microsoft Learn

I think this will be a great solution. Thank you, PM

Super User
Super User

Don't you have UAM (user access management) tools in your company that handle this PDL management for you?

Sure, there is UAM to handle PDL, but the issue here is that we don't want to route requests through our support desk everytime a Manager wants to add a employee to a Secuirty Group for access to their workspace. We want a solution to allow the manager to manage their own secuirty groups, and data domain owners to manage users memberships in secuirty groups for RLS in Golden Layer Semantic models. I don't want to open Azure Active directory to these Managers or Domain owners. I am looking for an external solution for access management.

Helpful resources

July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.

July Newsletter

Fabric Community Update - July 2024

Find out what's new and trending in the Fabric Community.