Jon Jowsey on 17 Aug 2016 07:46:21
I want to be able to assign all users (including new ones) to a default role in RLS. Currently I have to assign each user to the role manually, and update the roles manually when users change.
This limits the ability to use RLS with a larger user base.
- Comments (32)
- Merged Idea (1)
RE: Add a default role for row level security
Agreed. Users should be able to create RLS and then immediately obtain the Reader role on a Dataset when published up to the service. If more than a reader role is needed then and only then would the solution owner would manage that exception. The norm should be the assignment of Reader. This would eliminate the multiple steps it takes and make it easier for all.
RE: Add a default role for row level security
Internal users roles can easily be managed by O365 groups.
role called 'Department' - single member in PowerBI: department@company.com
managing actual users to be members of department@company.com distribution group will propagate to powerBI just fine.
me@company.com is member of department@company.com group - I am automatically member of 'Department' role (and see data based on this role DAX filtering)
If you are to grant read only access to anyone outside of the company - user is not
part of "@company.com" he/she will not match anything in local groups.
Solution would be to allow wildcards as members of custom role:
lets say custom role named "Everyone" - with one member: * - effectively matching everyone.
With this setup, role named 'None' as visible in PowerBI Desktop will have no members (every user is forced to be member of "Everyone" role - unless matching filter for other roles)
Another option would be to allow DAX filtering on 'None' role (currently not possible).
RE: Add a default role for row level security
Please add this feature. This would help immensely.
RE: Add a default role for row level security
One option could be to use Office 365 Groups to assign all users to the RLS in the service.
RE: Add a default role for row level security
To mimic a default role with no permissions, I am experimenting with importing two matching sets of data, one with the true (positive/negative) sign and one with the opposite.
In the 'Manage Roles', the specific role has a DAX filter to only include the correct data.
Thus with no role selected in the web service (the default) a zero sum is shown, but if a role is allocated the actual amount is.
RE: Add a default role for row level security
is the RLS available in new workspace yet?
RE: Add a default role for row level security
I am in strong agreement with others on this feature. If someone grants access to a report (there are many at this point) but forgets to add them to a specific role/group, the current default behavior is to grant access to ALL data; a bit backwards logic if you ask me.
RE: Add a default role for row level security
Agree - if we could have some role defined for those who are not assigned to a role this would be good.
For the time being I'm using a corporate GMS group to add everyone.
RE: Add a default role for row level security
Would very much like to see this appear in the near future - with a growing amount of users accessing Power BI, the ability to assign a default role that restricts visible data would be incredibly useful.
RE: Add a default role for row level security
Totally agree - we need the ability to assign a "Default" role to all users. This would add incredible power to RLS so that you are only assigning a different role if needed, rather than for EVERY user.