Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
Currently I have RLS applied on my model allowing users to access certain level of access based on a mapping table I have maintained. My mapping table is of the the below schema storing the UPNs of users and their level of access:
User | Level of access |
A | Region |
B | Country |
C | Country |
D | City |
E | Region |
Now, it works fine for all the users but everytime a new user needs access I have to modify this table.
I wanted to hence change this table to the below schema so I dont need to modify the table and adding the user to the group would be enough.
Group | Level of access |
A | Region |
B | Country |
C | City |
Any idea how I could link the logged in user with the groups or get the group through which the user has access to the dashboard while applying RLS in the model?
Solved! Go to Solution.
On Power BI Service, you can add security group as member of a role. See: Row-level security (RLS) with Power BI
In this scenario, you can create security groups on O365 admin center: Create, edit, or delete a security group in the Office 365 admin center. Then add all users into corresponding security group. Now you will not need that "mapping" table in your model.
Regards,
Any documentation? I have a vendor wanting to build an AD Group and then use RLS to provide what can and can't be seen in the application.
We build an AD group. I believe in is pushed to the Azure AD. Will that be sufficient? What else is needed?
On Power BI Service, you can add security group as member of a role. See: Row-level security (RLS) with Power BI
In this scenario, you can create security groups on O365 admin center: Create, edit, or delete a security group in the Office 365 admin center. Then add all users into corresponding security group. Now you will not need that "mapping" table in your model.
Regards,
Please note from the link that Office 365 groups are not supported.
https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls
Is it possible to split members of an AD Group into separate RLS roles? I have an AD Group called PBI-Expense with 10 members, say A-J. Then I have 2 RLS roles - Dept1 and Dept2. Can I share the report to the PBI-Expnse AD group and then for RLS add members A-E to Dept1 role and F-J to Dept2 role?
The idea is I want to share reports to large groups by sharing to AD groups. But then for RLS, I want to be able to assign individual members to different roles instead of the whole group to a single role.
Any ideas on how to do this?
Thanks,
Ferdinand
Just finished testing and was able to confirm that individual members of an AD group can be assigned to different RLS roles. Sharing to the AD group gives members access to the report but the RLS role an individual is assigned is what determines what data the user sees.
How do i achieve this?. Any documentation available?.