Solved: Invite external users

ViniciusMiloch · ‎05-10-2024

Hey guys.

We are facing a difficulty when inviting external users into the organization and assigning access and respecting the RLS security of the PBI project.

When adding an email with your own domain

example@dominioprorios.com.br

The guest user manager changes the email to live.com#exemplo@dominioprorios.com.br. This means that the user is unable to access the project.

v-yohua-msft · ‎05-13-2024

Hi, @ViniciusMiloch

Thanks for the reply from @lbendlin , please allow me to provide addititon:

The behavior you observe is part of how Microsoft handles external users who don't have existing Microsoft or Office 365 accounts. This process creates a Microsoft account associated with the original email, allowing external users to access the resources shared with it. This is expected behavior and should not itself block access to the project as long as the external user uses the email to complete the Microsoft account registration process.
The Invite external users to your organization feature is enabled in the Power BI admin portal. For more information, see Invite external users to your organization:

Export and sharing tenant settings - Microsoft Fabric | Microsoft Learn

Assign access and comply with RLS, assigning the Viewer role to external users in the workspace where RLS-protected content resides. This ensures that they can only see the data they are allowed to view.
Configure RLS in a Power BI Desktop file by defining roles and rules, and then publish it to the Power BI service. For more information about setting up RLS, visit Use row-level security (RLS) with Power BI:

Row-level security (RLS) in Power BI Report Server - Power BI | Microsoft Learn

How to Get Your Question Answered Quickly

Best Regards

Yongkang Hua

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

v-yohua-msft · ‎05-13-2024

Hi, @ViniciusMiloch

Thanks for the reply from @lbendlin , please allow me to provide addititon:

The behavior you observe is part of how Microsoft handles external users who don't have existing Microsoft or Office 365 accounts. This process creates a Microsoft account associated with the original email, allowing external users to access the resources shared with it. This is expected behavior and should not itself block access to the project as long as the external user uses the email to complete the Microsoft account registration process.
The Invite external users to your organization feature is enabled in the Power BI admin portal. For more information, see Invite external users to your organization:

Export and sharing tenant settings - Microsoft Fabric | Microsoft Learn

Assign access and comply with RLS, assigning the Viewer role to external users in the workspace where RLS-protected content resides. This ensures that they can only see the data they are allowed to view.
Configure RLS in a Power BI Desktop file by defining roles and rules, and then publish it to the Power BI service. For more information about setting up RLS, visit Use row-level security (RLS) with Power BI:

Row-level security (RLS) in Power BI Report Server - Power BI | Microsoft Learn

How to Get Your Question Answered Quickly

Best Regards

Yongkang Hua

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.