Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
etane
Helper II
Helper II

RLS Viewer Can See All Regions

‎09-10-2024 10:33 AM

Hello.

 

My company has 6 regional managers.  We recently hired a new regional manager replacing one who left the company.   So, in my RLS excel regional manager tracker file, I replaced the name and email with the new manager's.  And, at first, I accidentally added the new manager as a contributor in Workspace.  I then changed him to viewer.  

 

However, this manager is now able to view every region in Workspace.  And, when testing his access in Desktop, it works correctly in that he can only see his own region.  I suspect that Workspace is clinging onto his original Contributor designation.  I can't think of another reason as to why he continues to see all other Regions.  Testing all the other regional manager's access in Workspace works.

 

One thing I did to try to fix this issue is remove the new manager from RSL and Workspace access. refreshed all the tables in Workspace, then add the new manager back in.  But, the new manager still has access to all the regions.

 

What could I do to fix this?

Labels:
Message 1 of 9
442 Views
0
1 ACCEPTED SOLUTION
etane
Helper II
Helper II

‎09-10-2024 03:11 PM

So a quick update.  I just had a meeting with said sales manager.  When I look at this share screen via teams, his report IS filtered by region.  It's only when I test his role in Workspace where the region is not filtered for this sales manager's region.  Weird but I guess problem solved.

View solution in original post

Message 9 of 9
403 Views
8 REPLIES 8
etane
Helper II
Helper II

‎09-10-2024 03:11 PM

So a quick update.  I just had a meeting with said sales manager.  When I look at this share screen via teams, his report IS filtered by region.  It's only when I test his role in Workspace where the region is not filtered for this sales manager's region.  Weird but I guess problem solved.

Message 9 of 9
404 Views
Rigensis
Resolver I
Resolver I

‎09-10-2024 10:46 AM

Another suggestion, If the regional managers should only be able to view the report, and not make any changes to them or build their own on the underlying data, then I would suggest to distribute the report through the workspace app. Then you don't need to add any of the regional managers to the workspace at all, only give them access to the app.
This in combination with the RLS you have set up should ensure they only see what they should and you won't have to worry about workspace access levels for any of them

Message 4 of 9
434 Views
0
etane
Helper II
Helper II
In response to Rigensis

‎09-10-2024 01:15 PM

@Rigensis What is a Workplace app?  When I google it, I only see a Citrix solution.

Message 5 of 9
414 Views
0
Rigensis
Resolver I
Resolver I
In response to etane

‎09-10-2024 02:24 PM

@etane Just checked that I have not misspelled on my original post: Workspace app (not workplace). It is a way to distribute your reports. In every PBI workspace, when you have opened it, near top right corner there is a button 'publish app' where you can configure what isers eill be able to access it and what reports from the workspace they will see. 
This can be seen as something similar as giving the user a viewer access to workspace, but distributing the reports this way completely eliminates the need for users to have access of any level to the workspace itself, which in your case will ensure that the security setup will be enforced.

Message 6 of 9
406 Views
0
etane
Helper II
Helper II
In response to Rigensis

‎09-10-2024 03:07 PM

@Rigensis sorry I mystyped in previous post I did mean workspace not workplace and google results did only have citrix but... ok I see what you mean.  However, I don't have reports separated by region per app.  Every report in the app has nationwide data.

Message 7 of 9
403 Views
0
Rigensis
Resolver I
Resolver I
In response to etane

‎09-10-2024 09:59 PM

Sure, but as I understand your report has RLS in it, so when the user who is part of the app and the RLS setup will open up the app, they should only see the region RLS allows them to see

Message 8 of 9
385 Views
0
Rigensis
Resolver I
Resolver I

‎09-10-2024 10:44 AM

This might be a step you have already done but worth mentioning in case you have not.
Have you added the new manager to the relevant RLS group in Dataset options > Security?

Furthermore, maybe by chance he has been added both to a 'no RLS' group and the respective region group, but the 'no RLS' group overrides the smaller access. 

Message 2 of 9
435 Views
0
etane
Helper II
Helper II
In response to Rigensis

‎09-10-2024 01:15 PM

@Rigensis  Yup I added user to the Regional Manager group and not to the All Access group.

Message 3 of 9
414 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All