Solved: How to assign a report to a group?

ROG · ‎10-03-2024

Hello,

I have several reports with some RLS implemented, but since we still need to add users emails on the manage permisison, it makes access control very time consuming.

Is there a way to create groups of users across the business to make access controls easier instead of assigning a report to each person, assign a report to a group?

anmolmalviya05 · ‎10-03-2024

Hi
Yes, you can definitely streamline access control by using Security Groups or Microsoft 365 Groups in Power BI instead of adding individual user emails to each report. Here's how you can simplify access control:

1. Use Azure Active Directory (Azure AD) Security Groups

Create Security Groups in Azure AD (if you have admin rights) and add users to these groups.

In Power BI, when you are setting up Row-Level Security (RLS) or managing permissions, you can assign access to these security groups instead of individual users.

Once a user is added to or removed from a group, their access is automatically managed without needing to update the permissions in each report manually.

2. Microsoft 365 Groups (Office 365 Groups)

Similarly, you can use Microsoft 365 Groups. These groups can also be assigned access to reports and workspaces in Power BI.

Members of the group will have access to the content, and managing the group membership in Microsoft 365 automatically adjusts report access.

3. Assign RLS Roles to Security Groups

When defining roles for Row-Level Security in Power BI, you can assign these roles to Azure AD Security Groups rather than individual users.

Go to Modeling > Manage Roles in Power BI Desktop, and while adding roles, assign the role to a security group instead of adding individual email addresses.

How to Set It Up:

In Azure AD (for Security Groups): Your IT admin can create and manage security groups. Once the groups are set up, you can use them directly in Power BI.

In Power BI Service: While sharing reports or dashboards, go to the Manage Permissions section and add the security group name instead of individual users.

This approach will save you time and ensure that access control is centrally managed, with updates applied automatically when users join or leave a group.

Did I answer your question? Mark my post as a solution! Appreciate your Kudos !!

Let's Connect on LinkedIn: https://www.linkedin.com/in/anmol-malviya/?originalSubdomain=in

@ROG

View solution in original post

Kedar_Pande · ‎10-03-2024

@ROG ,

Yes, you can simplify your access control in Power BI by using Security Groups in Azure Active Directory (Azure AD)

Create Security Groups:
- In the Azure portal, create security groups for the different roles or access levels you need (e.g., Sales Team, Managers, etc.).
- Add the relevant users to these groups.
Define RLS Roles in Power BI:
- In Power BI Desktop, define your RLS roles as usual using DAX expressions.
- Instead of specifying individual users in the Manage Roles section, you will use the group names.
Publish the Report:
- After setting up the roles, publish your report to the Power BI Service.
Assign Security Groups to Roles:
- In the Power BI Service, go to the dataset settings.
- Under Security, assign the created Azure AD security groups to the respective RLS roles.
- This way, all users within a group will inherit the access permissions defined in that role.
Test the Roles:
- Always test the RLS settings to ensure users in the groups see the correct data as expected.

anmolmalviya05 · ‎10-03-2024