Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
kbjgg
Regular Visitor

RLS working on when Test as User, but external user is getting access denied to underlying dataset

‎06-10-2024 07:38 AM

We have external users that we are trying to give access to one of our Power BI reports, and the RLS is not working.

 

Setup is as follows:

  • We have a PBIX that contains the data
  • We have another PBIX that connects to the data, this contains the visuals and app that the users view from Service

RLS controlled via user list that is filtered on the dataset via account number. In the security role we have:

[UserEmail] = USERPRINCIPALNAME()

 

On the service:

  • We have added them as guests of our 365 environment
  • On the Dataset workspace, the user has been added as a Viewer
  • They have been added to the RLS role
  • When testing as user, the dataset is correctly filtered
  • In the workspace containing the report with the visuals, they have been added to the app within the Audience section

Initially we found that the USERPRINCIPALNAME was in the format of {email}#EXT#@domain.com until the user logged in, then it reverted to their email address. So to allow us to test the role and (in theory) the user log in, we have both variations of the UPN in our RLS user list, but the external users still cannot log in.

 

They get the error "You can't see the content of this report because you don't have permissions to the underlying dataset. The underlying dataaset uses RLS"

 

Annoyingly I have my Gmail account set up as per the above and it is working perfectly fine, the only thing that's different about these users where they are using their own PBI Pro licence from their domain, whereas with my Gmail account we added the PBI licence internally.

 

What am I missing? Any advice greatly appreciated!

 

Labels:
Message 1 of 2
326 Views
0
1 ACCEPTED SOLUTION
kbjgg
Regular Visitor

‎06-10-2024 12:54 PM

I figured the issue out, so thought I would update in the event anyone else has a similar scenario. Whilst I had assigned the users to the RLS role on the data workspace semantic model, I hadn't realised that the same RLS role also applied on the semantic model for the report that only contained the visualisations/app. When I assigned the users to the RLS role in this workspace as well, the issue was resolved. Hope this helps someone else in the future! 

View solution in original post

Message 2 of 2
300 Views
0
1 REPLY 1
kbjgg
Regular Visitor

‎06-10-2024 12:54 PM

I figured the issue out, so thought I would update in the event anyone else has a similar scenario. Whilst I had assigned the users to the RLS role on the data workspace semantic model, I hadn't realised that the same RLS role also applied on the semantic model for the report that only contained the visualisations/app. When I assigned the users to the RLS role in this workspace as well, the issue was resolved. Hope this helps someone else in the future! 

Message 2 of 2
301 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All