Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
Anonymous
Not applicable

RLS with Multiple Reports using Shared Dataset

Hi All,

 

Ever since the new workspace experience went GA my team and I have been big fans of the shared dataset feature. We've been working to replace disparate reports that are replicating the same data over and over to shared datasets that ensure consistency and leave less to maintain.

I've encountered an issue with two reports. For context, I'm an analyst in the technical support division of a software company. Support data is considered confidential when any personal identifiable information (PII) is present (such as a name, email, phone or ID) but not when it's based on non-PII like product name or version.

 

Report "One" sits in one app and presents support data based on each agent that owned it in technical support. Only agents and their managers have access, and there is RLS that only allows agents to see their own data and managers can only see their direct reports.

Report "Two" sits in another app and contains the same support data, however it is presented based on product, has no reference to the person who handled it. Everyone in the company can see this data since it has no PII.

The underlying datasets in both are identical and massive. However, I encounter an issue with RLS. There is one rule for restrictive RLS in report ONE and another with no RLS. There are users who exist in both apps but because I can't identify what app the user is accessing I can't prevent both rules from triggering when a user is logged in.

Any ideas on how to overcome this?

Here is the error that is being encountered:

error messageerror message






Here is a simplified representation of my data model:

sample data modelsample data model

 

 

4 REPLIES 4
Anonymous
Not applicable

Hey @GilbertQ ,

Unfortunately adding the all the users to the workspace isn't feasble for us. The app contains 1,000+ users that we don't want in the workspace where developers have files in development (not yet ready for publication in the app).

But for a test, I attempted to do so and both rules still triggered.

v-xicai
Community Support
Community Support

Hi @Anonymous ,

 

Currently, RLS set for one shared dataset will take effect for all the related reports.  It is not supported to set more than one security access for one shared dataset in Power BI currently. While your demand is a good idea , and you can post your new idea in Idea Forum , add your comments there to improve Power BI and make this feature coming sooner.

 

Best Regards,

Amy 

 

Community Support Team _ Amy

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Anonymous
Not applicable

Hey @v-xicai ,

Thanks for looking into it! Unfortunately it doesn't seem like this is possible with the current version. It would be nice if I could apply a metadata field for what app the user is currently logged into like userprincipalname(). With shared datasets I see multi-app deployments being more common. 

Alternatively, if PowerBI had column based security (like Tableau has for many years) this wouldn't be an issue. I could simply apply rules to individual columns based on role, making some "general use" and others more restrictive"

It looks like that 2nd idea already exists, I'm going to vote for that idea here

GilbertQ
Super User
Super User

Hi there

It would appear that this is because the RLS is being defined at the dataset level.

What if you had to add the users in the second app as members to the app workspace?

This would then overwrite the RLS in the second app and allow them to then see all the data?




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Helpful resources

Announcements
Europe Fabric Conference

Europe’s largest Microsoft Fabric Community Conference

Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.

Power BI Carousel June 2024

Power BI Monthly Update - June 2024

Check out the June 2024 Power BI update to learn about new features.

PBI_Carousel_NL_June

Fabric Community Update - June 2024

Get the latest Fabric updates from Build 2024, key Skills Challenge voucher deadlines, top blogs, forum posts, and product ideas.

RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

Top Solution Authors