Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Power BI is turning 10! Let’s celebrate together with dataviz contests, interactive sessions, and giveaways. Register now.

Reply
Kvingur
New Member

Security group with workspace member role - does not have access to report using RLS

‎02-13-2025 02:13 AM

Hi

I have a workspace where I added a security group with the member role. 

 

The workspace has a dataset with Row Level Security. According to the role guide, only the viewer role uses RLS but for other roles in the workspace, RLS does not apply. So I thought the members of the security group would be able to see and access the report and dataset with RLS. 

However, the members of the security group, they had no access to the report or dataset until I added the security group as a role member in the RLS security setup for the dataset. 

 

Are security group members handled differently to individual users in a workspace regarding access to datasets with RLS?

Labels:
Message 1 of 3
225 Views
0
1 ACCEPTED SOLUTION
nilendraFabric
Community Champion
Community Champion

‎02-13-2025 03:21 AM

Hello @Kvingur 

RLS behaves differently depending on the workspace role assigned to users or groups.

 

  • RLS only applies to users with the Viewer role in a workspace. Users with AdminMember, or Contributor roles are not subject to RLS and can access all data in the dataset without restrictions
  • This means that if a security group is assigned the Member role in a workspace, its members will have full access to all data in the dataset, bypassing any RLS filters.
  • When you added the security group with the Member role in the workspace, RLS was not applied because this role bypasses RLS.
  • However, since they were not explicitly assigned to an RLS role in the dataset, they could not access any data due to lack of proper permissions

 

Best practices:

  • Use Viewer roles for users or groups that need restricted access based on RLS filters.
  • Assign security groups directly to RLS roles within the dataset’s security settings. This ensures that all members of the group inherit the appropriate row-level permissions dynamically

 

Please accept the answer if this helps 

 

View solution in original post

Message 2 of 3
190 Views
0
2 REPLIES 2
Kvingur
New Member

‎02-13-2025 03:26 AM

Thank you very much for the good answer @nilendraFabric  🙂 This explains it.

Message 3 of 3
186 Views
0
nilendraFabric
Community Champion
Community Champion

‎02-13-2025 03:21 AM

Hello @Kvingur 

RLS behaves differently depending on the workspace role assigned to users or groups.

 

  • RLS only applies to users with the Viewer role in a workspace. Users with AdminMember, or Contributor roles are not subject to RLS and can access all data in the dataset without restrictions
  • This means that if a security group is assigned the Member role in a workspace, its members will have full access to all data in the dataset, bypassing any RLS filters.
  • When you added the security group with the Member role in the workspace, RLS was not applied because this role bypasses RLS.
  • However, since they were not explicitly assigned to an RLS role in the dataset, they could not access any data due to lack of proper permissions

 

Best practices:

  • Use Viewer roles for users or groups that need restricted access based on RLS filters.
  • Assign security groups directly to RLS roles within the dataset’s security settings. This ensures that all members of the group inherit the appropriate row-level permissions dynamically

 

Please accept the answer if this helps 

 

Message 2 of 3
191 Views
0

Helpful resources

Announcements
June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

May 2025 Monthly Update

Fabric Community Update - May 2025

Find out what's new and trending in the Fabric community.

View All