Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
I am working with data that I have imported into PowerBI Desktop and then published to the PowerBI service. I am trying to get Row Level Security (RLS) to work, but it doesn't seem to apply to the users. When I test the role in the RLS screen it works great. However, when one of the users that I set as a member of the the Role logs in, the RLS is not applying. Is there something more at the organizational or global level that I need to turn on for RLS to apply to the users I assign to the roles? If not, any other thoughts on why it would work when doing the Test Data Role feature, but not on the actual user assigned to the role?
Solved! Go to Solution.
With this latest release, it should work with Groups in Power BI. The catch is that the group has to be configured that members have read-only access. Then the role will be applied to the read-only members. If they are marked to have edit rights, the roles will not be applied.
@rrhutch to troubleshoot the problem can you remove user from the role members and save role. Then ask user to log in and check ? (It should not display any visual to that user because RLS is enabled but that user is not part of a role). If that works then great as RLS basic feature is working. Next probably delete your role and create a new one, use different dax filter than previous one, add that user and check. If that works I would say just ignore the previous issue. RLS is still in preview so that is why you can expect few glitches like that. You can also report that issue to MS support (if after trying above options it starts working).
Looks like the issue is that RLS doesn't work when you publish to a Group in Office365. The only way I could get it to work is to publish to My Workspace, then use the Share feature on the Dashboard to allow the person to have access to it.
It would be nice for RLS to apply to users assigned to a group so that they have access to it without having to share it to each individual user.
With this latest release, it should work with Groups in Power BI. The catch is that the group has to be configured that members have read-only access. Then the role will be applied to the read-only members. If they are marked to have edit rights, the roles will not be applied.
Tried so many different things, hitting my head against the wall. Finally this came as a big relief for me. Solved my problem where the Roles were not taking effect in CRM. And the member privacy settings did the trick. Thanks so much!!
Hi @GuyInACube, why the RLS is not working in MS teams. i have create pbix and it has all the RLS functioninng well at cloud/services workspace but when i posted to Teams, seems RLS not supported there. any idea Pls?
Hi Adam,
I followed your useful post on RLS.
I still have an issue when I want to map Power BI (O365) groups row level security roles.
Indeed, I have created one Group on Power BI which name is powerbi_testrls which have read access only as mentioned.
I've created a rôle which name is User US which implement row level security.
When I click on my dataset > security, I see all my organisation emails but I don't see my Power BI Group.
Maxime Gouffé
If you publish your Power BI Desktop report to a workspace within the Power BI service, the roles will be applied to read-only members. You will need to indicate that members can only view Power BI content within the workspace settings.
Note: If you have configured the workspace so that members have edit permissions, the RLS roles will not be applied to them. Users will be able to see all of the data.
Read more at: Using RLS with workspaces in Power BI
I have the same issue. When assigning users to a role o365 groups are not available to assign, even if i copy the e-mail alias for that group. Only old school distribution groups seem to be available to assign.
Am i missing a setting in o365 group set up?
@GuyInACube I hit the same issue. Moreover I am using the newest PBI desktop and shared my reports to my workspace, but it is same as described by @rrhutch.
I have created my question here:
http://community.powerbi.com/t5/Service/Row-Level-security/td-p/47963
Could anybody help me please??
Even when I dont use the USERNAME to filter using security table and write hardoced DAX as.
DimProduct[Category] = “Bikes” || DimProduct[Category] = “Clothing”
I can still see all the categories, when I open the report. When I test role, it shows proper categories.
Was this ever addressed for you? I am experiencing the exact same issue. I've published to a view-only group and a user who has read only access is still able to view the unfiltered data set (but "test" mode looks fine).
Yes, mine is working fine. I assume you have tried removing that person from the group, removing them from the role, and then adding them back into both?
I didn't think to remove the user from the group and then re-add them - but that seemed to make it work. Have you noticed that the RLS becomes finicky when you create roles for datasets for pre-existing groups? In other words, have you found that you've had to remove and re-add people from roles and groups repeatedly to make RLS work?
Glad that worked for you. We didn't utilize Groups much before implementing PowerBI, so I haven't had any interaction with using an exsiting group and PowerBi.
Thanks. Very helpful. I download the newest version of Desktop today, and it is a great feature to setup RLS at that stage.
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
34 | |
30 | |
18 | |
12 | |
8 |
User | Count |
---|---|
50 | |
36 | |
30 | |
15 | |
12 |