I have a report that I have successfully added RLS to in order to limit views based on user roles within the company.

The issue I am now up against is that in order for RLS to work, someone has to be added to the entire workgroup as a viewer, because you cannot assign viewer only in the Manage Permissions -> Direct Access of the model in Service.  I have an executive report in the workspace as well that is only for certain people, as opposed to filtering data based on org group.

Do I now need to enable RLS on every report within the workspace to keep restricted viewers from seeing the other executive reports?  Or is there a way to only give certain members of the workgroup access to certain reports?