Skip to main content

Power BI

Needs Votes

Add a default role for row level security

Vote (391) Share
Jon Jowsey's profile image

Jon Jowsey on 17 Aug 2016 07:46:21

I want to be able to assign all users (including new ones) to a default role in RLS. Currently I have to assign each user to the role manually, and update the roles manually when users change.

This limits the ability to use RLS with a larger user base.

Comments (32)
Jon Jowsey's profile image Profile Picture

Power BI Ideas Admin on 06 Jul 2020 00:07:48

RE: Add a default role for row level security

Agreed. Users should be able to create RLS and then immediately obtain the Reader role on a Dataset when published up to the service. If more than a reader role is needed then and only then would the solution owner would manage that exception. The norm should be the assignment of Reader. This would eliminate the multiple steps it takes and make it easier for all.

Jon Jowsey's profile image Profile Picture

Kamil Suski on 06 Jul 2020 00:07:18

RE: Add a default role for row level security

Internal users roles can easily be managed by O365 groups.
role called 'Department' - single member in PowerBI: department@company.com

managing actual users to be members of department@company.com distribution group will propagate to powerBI just fine.

me@company.com is member of department@company.com group - I am automatically member of 'Department' role (and see data based on this role DAX filtering)


If you are to grant read only access to anyone outside of the company - user is not
part of "@company.com" he/she will not match anything in local groups.

Solution would be to allow wildcards as members of custom role:

lets say custom role named "Everyone" - with one member: * - effectively matching everyone.
With this setup, role named 'None' as visible in PowerBI Desktop will have no members (every user is forced to be member of "Everyone" role - unless matching filter for other roles)

Another option would be to allow DAX filtering on 'None' role (currently not possible).

Jon Jowsey's profile image Profile Picture

Samuel Vrbovský on 06 Jul 2020 00:03:28

RE: Add a default role for row level security

Please add this feature. This would help immensely.

Jon Jowsey's profile image Profile Picture

Alexander Knight on 05 Jul 2020 23:58:25

RE: Add a default role for row level security

One option could be to use Office 365 Groups to assign all users to the RLS in the service.

Jon Jowsey's profile image Profile Picture

George Tylee on 05 Jul 2020 23:54:07

RE: Add a default role for row level security

To mimic a default role with no permissions, I am experimenting with importing two matching sets of data, one with the true (positive/negative) sign and one with the opposite.
In the 'Manage Roles', the specific role has a DAX filter to only include the correct data.
Thus with no role selected in the web service (the default) a zero sum is shown, but if a role is allocated the actual amount is.

Jon Jowsey's profile image Profile Picture

sai krishna on 05 Jul 2020 23:48:28

RE: Add a default role for row level security

is the RLS available in new workspace yet?

Jon Jowsey's profile image Profile Picture

Jim Budde on 05 Jul 2020 23:45:24

RE: Add a default role for row level security

I am in strong agreement with others on this feature. If someone grants access to a report (there are many at this point) but forgets to add them to a specific role/group, the current default behavior is to grant access to ALL data; a bit backwards logic if you ask me.

Jon Jowsey's profile image Profile Picture

Andi K. on 05 Jul 2020 23:37:44

RE: Add a default role for row level security

Agree - if we could have some role defined for those who are not assigned to a role this would be good.
For the time being I'm using a corporate GMS group to add everyone.

Jon Jowsey's profile image Profile Picture

Sam on 05 Jul 2020 23:29:55

RE: Add a default role for row level security

Would very much like to see this appear in the near future - with a growing amount of users accessing Power BI, the ability to assign a default role that restricts visible data would be incredibly useful.

Jon Jowsey's profile image Profile Picture

James Houck on 05 Jul 2020 23:21:25

RE: Add a default role for row level security

Totally agree - we need the ability to assign a "Default" role to all users. This would add incredible power to RLS so that you are only assigning a different role if needed, rather than for EVERY user.

Merged Idea (1)