Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
jdevries192
Frequent Visitor

Row Level Security - Shared Dataset Two Reports

‎03-12-2024 10:33 AM

Hi All,

 

I have a question regarding the "Test as role" feature of RLS. Does it take into consideration report sharing permissions for shared datasets?

 

Example:

I have "dataset1" and two reports that utilize the dataset, "report1", "report2". I have "user1" who is assigned an RLS role on dataset1 and has "report1" shared with them. But they do not have "report2" shared with them.

 

"Test as role" seems to show that user1 can access report1 AND report2. Even though report2 is not shared to them (only Direct Access sharing is used on my reports).

 

Is this expected behavior or am I missing something?

Labels:
Message 1 of 4
900 Views
0
1 ACCEPTED SOLUTION
lbendlin
Super User
Super User
In response to jdevries192

‎03-13-2024 07:31 AM

I guess I am jaded because we always allow build access. As soon as you do that report "security" becomes obsolete.

 

Our reasoning is that our job is to help users get insights, not to prevent them from getting access.

View solution in original post

Message 4 of 4
845 Views
3 REPLIES 3
lbendlin
Super User
Super User

‎03-12-2024 03:07 PM

That is expected behavior.  Reports are not protected. Semantic models are, via RLS and OLS.  Hiding a report is purely cosmetic if you give users access to the semantic model.

Message 2 of 4
870 Views
jdevries192
Frequent Visitor
In response to lbendlin

‎03-13-2024 06:08 AM

Are you just talking about hiding a report in the Workspace App? I'm asking only about sharing reports directly. RLS does not give access to a report.

 

I have always understood it as:

1. RLS controls what data you can see (filters the model)

2. Report sharing controls if you can access the report**

**As long as they don't have a Workspace role or have access through the Workspace app

 

If user1 has an RLS role for 1 dataset but does not have access to the report, then in "Test as role" it says "This user does not have access to the dataset or report". See my example below.

 

RLS Role:

jdevries192_1-1710334108789.png

 

View in "Test as Role"

jdevries192_0-1710334085333.png

 

 

When I grant the user "Read" access to the Report, the role works.

Granting user read access:

jdevries192_2-1710334268933.png

 

 

 

No error and report displays:

jdevries192_3-1710334336225.png

 

 

Going back to my original question -

I don't understand why "Test as Role" behaves differently with one report versus two reports connected to the same dataset.

 

test2 report is not shared with the user. But the same error shown above does not show.

jdevries192_5-1710334910080.png

 

Message 3 of 4
857 Views
0
lbendlin
Super User
Super User
In response to jdevries192

‎03-13-2024 07:31 AM

I guess I am jaded because we always allow build access. As soon as you do that report "security" becomes obsolete.

 

Our reasoning is that our job is to help users get insights, not to prevent them from getting access.

Message 4 of 4
846 Views

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All