Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft is giving away 50,000 FREE Microsoft Certification exam vouchers. Get Fabric certified for FREE! Learn more

Reply
Anonymous
Not applicable

Can I limit workspace member, workspace admin to see some sensitive information in a report?

‎10-18-2022 01:07 PM

Hello!

 

I have a shared dataset in workspace A, and all reports published in workspace B.

 

Now I have some workspace admins, workspaces members, workspace viewers for workspace B but these people are just having read and/or build permission on the dataset in workspace A. So these persons can see all the reports in Workspace B. However I don't want some persons to read sensitive information in certain reports like salary, employment type... I set RLS in desktop and also set security of the dataset in workspace A.Could these workspace admins, members, contributors for workspace B can read the salary information or not?

Labels:
Message 1 of 7
1,032 Views
0
2 ACCEPTED SOLUTIONS
Tutu_in_YYC
Super User
Super User
In response to Anonymous

‎10-20-2022 10:18 AM

If you want them to see all data, you dont need to set RLS for them. Just set them as Viewer role in the workspace and do not set RLS on the dataset.

If the dataset requires RLS for other users, then you need to create within RLS another role that doesnt contain any filter.

View solution in original post

Message 6 of 7
937 Views
v-yueyunzh-msft
Community Support
Community Support
In response to Anonymous

‎10-20-2022 08:04 PM

Hi , @Anonymous 

"For members that you do not have configuration permissions for and are still in the B workspace",for these members,Here are the suggestion you can try:

(1)If you want to they see the all data to the dataset , you can add them to the Workspace A (Admin/Member/Contributor) to give them the edit permission of the dataset.

(2)You can also configure the roles in "Security" of the dataset  to these members , then they can then take effect based on the RLS you configure . 

Above all the two , if you don't configure the RLS in "Security" of the dataset and also don't give them the edit permission of the dataset , they will not have permission to the report which create on the dataset .

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

View solution in original post

Message 7 of 7
929 Views
6 REPLIES 6
Anonymous
Not applicable

‎10-19-2022 04:48 AM

Thank you! But these people are not workspace administrator, member and contributor in the dataset workspace. They are just workspace administrator, member and contributor in the reports workspace. I tested it today. When I put some people to the role who can not see sensitive information, it works as those people can not see. However for the others they are not in this role, they should be able to see the whole report but it showed they can not see the report at all because underlying dataset using RLS. I don't understand why this happened. 

Message 3 of 7
970 Views
0
v-yueyunzh-msft
Community Support
Community Support
In response to Anonymous

‎10-19-2022 09:21 PM

Hi , @Anonymous 

When you create RLS in your dataset , You must configure the corresponding role in the "Security" of the Dataset in order for the corresponding person to access the report.
For members that you do not have configuration permissions for and are still in the B workspace, those members also do not have edit permissions relative to the dataset and cannot access the report.

If you want certain members to see all the data, you need to add these members to one of the admin, member, contributor roles in workspace A.

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

Message 4 of 7
959 Views
Anonymous
Not applicable
In response to v-yueyunzh-msft

‎10-20-2022 05:37 AM

Hi,
Thank you very much for your guideance. Just to make sure that "For members that you do not have configuration permissions for and are still in the B workspace, those members also do not have edit permissions relative to the dataset and cannot access the report." Yes, they don't have edit permission for the dataset. So for these members, should I also add them to a role? Because they need to see all the data, should I set a RLS role for them and if so, actually there is no any filter in this RLS.  

Thank you and look forward to your reply. 

Message 5 of 7
946 Views
0
v-yueyunzh-msft
Community Support
Community Support
In response to Anonymous

‎10-20-2022 08:04 PM

Hi , @Anonymous 

"For members that you do not have configuration permissions for and are still in the B workspace",for these members,Here are the suggestion you can try:

(1)If you want to they see the all data to the dataset , you can add them to the Workspace A (Admin/Member/Contributor) to give them the edit permission of the dataset.

(2)You can also configure the roles in "Security" of the dataset  to these members , then they can then take effect based on the RLS you configure . 

Above all the two , if you don't configure the RLS in "Security" of the dataset and also don't give them the edit permission of the dataset , they will not have permission to the report which create on the dataset .

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

Message 7 of 7
930 Views
Tutu_in_YYC
Super User
Super User
In response to Anonymous

‎10-20-2022 10:18 AM

If you want them to see all data, you dont need to set RLS for them. Just set them as Viewer role in the workspace and do not set RLS on the dataset.

If the dataset requires RLS for other users, then you need to create within RLS another role that doesnt contain any filter.

Message 6 of 7
938 Views
v-yueyunzh-msft
Community Support
Community Support

‎10-18-2022 07:11 PM

Hi , @Anonymous 

You have set RLS for the dataset and configured the corresponding security.

For workspace members, Admin, Member, and Contributor will not take effect for RLS, and they will still see all the data for that dataset.

Only the Viewer role for workspaces takes effect for RLS.

 

For more information, you can refer to :
Row-level security (RLS) with Power BI - Power BI | Microsoft Learn

 

Best Regards,

Aniya Zhang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly

Message 2 of 7
984 Views

Helpful resources

Announcements
March PBI video - carousel

Power BI Monthly Update - March 2025

Check out the March 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All