Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
We are trying to setup security groups and roles across our client workspace.
Our support staff need access to view workspace content - datasets or reports - so we assigned a viewer role to their security group.
However with viewer role they are not able to see ANY of the content in the workspace? It shows up blank?
I can't believe such an obivous bug would exist so I assume the issue relates to some related setup. Any ideas or suggestions?
Thanks
Moshe
can you explain a little bit more of what you are doing? are you creating RLS (role level security), or how are you applying this access, giving the user direct access to the workspace as a viewer? you would maybe need to screenshot and explain what you have setup and how you expect them to access the data?
Proud to be a Super User!
"Viewer" role will not see datasets,only reports. Do these viewers have pro license? Afaik, users will need pro license to access a workspace unless the workspace is on premium capacity.
Thanks for the response. The workspace is on premium capacity. So you're saying there is no way to give some kind of support read-only license on datasets? We need them to be able to check without having the ability to change anything and Contributor would give them too many permissions?
When you give user "Viewer" role in a workspace, you automatically give the use "Read" permission to the dataset. But you cannot really "Read" a dataset, because the "Read" is done through viewing the report connected to the dataset.
What would you like your user to do? You can manage the dataset permission individually, these are the options :
We are automatically generating client specific workspaces, reports and datasets. We need to give support users the ability to troubleshoot issues which includes
- confirming the dataset made its way to the workspace
- checking any refresh errors on the dataset
- checking the data source mapping - through lineage view
Not sure why there would be a need to hide a dataset from a viewer when there are useful read-only things to be done on a dataset. So we're stuck? WE have to give our support users Contributor role?
Yup, sounds like Contributor role is the minimum that is needed to perform those work.
Do you have any concerns regarding the Contributor role?
Yes Contributor gives too much access - we're aiming for minimum priviledges.
Looks like if we leave them on viewer but we share the dataset like you suggested with Explore/Build access they will have the ability to do what they need.
Thanks for the help
I dont think they can see the dataset in the workspace, even if you give them the build/write/share ( which i find silly ) and still have the Viewer role ( I just tested it). Let me know if it works for you.
This could be an issue too:
You're correct they still can't see the dataset in the list but it at least allows them to access the dataset via the report. We'll have to see regarding the other limitations if its going to be a problem.
The real pain for our support team is the inability to see what data source a dataset is connected too! The only way we know of to do that is to take over the dataset which deletes the existing mapping. Seems like a real oversight.
To update it seems like the issue is when only datasets exist in the workspace. If reports exist then they are visible. Given the specifications of the role I would assume datasets should also show up for viewers. Please let me know.
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
34 | |
30 | |
18 | |
12 | |
8 |
User | Count |
---|---|
50 | |
36 | |
30 | |
15 | |
12 |