Jon Jowsey on 17 Aug 2016 07:46:21
I want to be able to assign all users (including new ones) to a default role in RLS. Currently I have to assign each user to the role manually, and update the roles manually when users change.
This limits the ability to use RLS with a larger user base.
- Comments (25)
RE: Add a default role for row level security
Are we still talking about this? Or is there some new way to do this since my last comment over 2 years ago?
I still think it is funny that, there is all these 'data security' features that only work if you assign a role to someone. If someone doesn't have a role... all cool? Just give them all the data.
Go to all the effort to maintain hundreds of users, then that 1 that gets missed walks away with the entire dataset. Sweet.
RE: Add a default role for row level security
Hi, its possible to do this! Just create a role that has full view, and in the service environment security settings add "Everyone" to the role.
RE: Add a default role for row level security
Yes! I agree. This feature is very important. Makes it easier for dynamic role management. I have created a dynamic relationship manager role in my Power BI report but it appears I have to manually add the users to the RM role before it allows them access.
RE: Add a default role for row level security
Agreed. Users should be able to create RLS and then immediately obtain the Reader role on a Dataset when published up to the service. If more than a reader role is needed then and only then would the solution owner would manage that exception. The norm should be the assignment of Reader. This would eliminate the multiple steps it takes and make it easier for all.
RE: Add a default role for row level security
Internal users roles can easily be managed by O365 groups.
role called 'Department' - single member in PowerBI: department@company.com
managing actual users to be members of department@company.com distribution group will propagate to powerBI just fine.
me@company.com is member of department@company.com group - I am automatically member of 'Department' role (and see data based on this role DAX filtering)
If you are to grant read only access to anyone outside of the company - user is not
part of "@company.com" he/she will not match anything in local groups.
Solution would be to allow wildcards as members of custom role:
lets say custom role named "Everyone" - with one member: * - effectively matching everyone.
With this setup, role named 'None' as visible in PowerBI Desktop will have no members (every user is forced to be member of "Everyone" role - unless matching filter for other roles)
Another option would be to allow DAX filtering on 'None' role (currently not possible).
RE: Add a default role for row level security
Please add this feature. This would help immensely.
RE: Add a default role for row level security
One option could be to use Office 365 Groups to assign all users to the RLS in the service.
RE: Add a default role for row level security
To mimic a default role with no permissions, I am experimenting with importing two matching sets of data, one with the true (positive/negative) sign and one with the opposite.
In the 'Manage Roles', the specific role has a DAX filter to only include the correct data.
Thus with no role selected in the web service (the default) a zero sum is shown, but if a role is allocated the actual amount is.
RE: Add a default role for row level security
is the RLS available in new workspace yet?
RE: Add a default role for row level security
I am in strong agreement with others on this feature. If someone grants access to a report (there are many at this point) but forgets to add them to a specific role/group, the current default behavior is to grant access to ALL data; a bit backwards logic if you ask me.