the title pretty much says it all.
I have set up a PBIX with dynamic RLS. Report viewers are only supposed to see employee data for their subordinates. The dataset contains only one role called "Teamleader".
The report is published via an app. On the dataset level, on the "security" tab, I have assigned 2 security groups to that role.
When I use the "view as role" feature, everything works nicely. I only see employee data for my own staff. If I view the report as another user (let's call him John Doe), this also works as expected.
However, the actual John Doe just got in touch with me and informed me that he can see the records for all employees.
How is this possible? I already tried / verified the following:
- John Doe is a member of one of the 2 security groups that are assigned to the "Teamleader" role
- John Doe's access level to the app workspace is "App".
- I assume this is not a modelling issue since the desired filter logic works with the "view as" feature, both in the Service and in PBI Desktop.