Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
DJSAM
Frequent Visitor

Restricting User Access

‎01-20-2021 08:54 AM

I have a workspace setup with an existing report, all users (except the admins) are set to have read acess within the workspace and then I have RLS setup to split the users so they only see data for their respective countries. I now wish to add a new dataset / report and this time I want to ensure only some users in the workspace can see the data on this new dataset. I can't see any way to manage permissions on a per dataset basis (outside of RLS). Under MyNewDataset > Manage Permissions I see a list of all the users on the workspace. All the tickboxes are unchecked (except admins who are dark grey) and I'm not entirely sure what the point of them is as I can't see any buttons that could be tied to the list / tickbox status. I was hoping for some option where I could tick users and remove their access to the dataset.

 

That being the case I added an RLS group with all tables set to false in the desktop app and added all the users who shouldn't have acess to the dataset to it under MyNewDataset > Security. I did initially try to just add one RLS group with no restrictions in the hope that users not assigned to it wouldn't be able to view the dataset (I've read this is how it behaves for other users on this forum) but when testing a user not within this one RLS group was able to see the data in the report. 

 

Is there any better way of doing this without creating a new workspace and if not is there any way to either default users to an RLS group or set it so they have no access if not assigned to a group?

 

Many thanks in advance.

Labels:
Message 1 of 5
1,833 Views
0
1 ACCEPTED SOLUTION
v-robertq-msft
Community Support
Community Support

‎01-22-2021 12:16 AM

Hi, @DJSAM 

In my opinion, the RLS is designed for making the viewers of this report restricted by their role. If you give them the view permission and don’t give them a role in RLS, they can see all the data without restriction. You can keep in mind: the RLS only works for the viewers of the report who don’t have “Build permission” to the underlined dataset. If the end-users get “Build permission” to the dataset, RLS can’t work on them anymore.

Add all the users you want to invite to a Security group and add this group to the RLS role may meet your requirement. You can check this video:

https://guyinacube.com/2020/02/25/can-you-use-groups-with-power-bi-row-level-security-rls/

 

Best Regards,

Community Support Team _Robert Qin

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 4 of 5
1,787 Views
4 REPLIES 4
v-robertq-msft
Community Support
Community Support

‎01-22-2021 12:16 AM

Hi, @DJSAM 

In my opinion, the RLS is designed for making the viewers of this report restricted by their role. If you give them the view permission and don’t give them a role in RLS, they can see all the data without restriction. You can keep in mind: the RLS only works for the viewers of the report who don’t have “Build permission” to the underlined dataset. If the end-users get “Build permission” to the dataset, RLS can’t work on them anymore.

Add all the users you want to invite to a Security group and add this group to the RLS role may meet your requirement. You can check this video:

https://guyinacube.com/2020/02/25/can-you-use-groups-with-power-bi-row-level-security-rls/

 

Best Regards,

Community Support Team _Robert Qin

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 5
1,788 Views
DJSAM
Frequent Visitor
In response to v-robertq-msft

‎01-29-2021 09:46 AM

Thank you for the response. As you mentioned it turned out the user we got to test it actually had contributer permissions and this is why, despite them not being in the RLS group we setup, they could still access the dataset. So basically me being stupid 🙂 I didn't realise you could use security groups with RLS as well, that could be very helpful in the future, thanks for the video.

Message 5 of 5
1,760 Views
0
darentengmfs
Post Prodigy
Post Prodigy

‎01-20-2021 10:28 AM

@DJSAM 

 

I think you should not add them to the workspace. You should instead share the reports to the people that should have restricted data. I believe if you add people to workspaces, they have full access to data, regardless of setting up RLS.

Message 2 of 5
1,806 Views
0
DJSAM
Frequent Visitor
In response to darentengmfs

‎01-29-2021 09:50 AM

Thanks, as mentioned in the response above if the users have the right permission level (just viewer) they will not be able to access the dataset if an RLS group has been created and they're not assigned to it. I just made a mistake in not realising that the user who tested it had contributor permissions.

Message 3 of 5
1,757 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All