Jon Jowsey on 17 Aug 2016 07:46:21
I want to be able to assign all users (including new ones) to a default role in RLS. Currently I have to assign each user to the role manually, and update the roles manually when users change.
This limits the ability to use RLS with a larger user base.
RE: Add a default role for row level security
As it is now RLS is basically useless for managing larger numbers of report consumers. Manually adding every role is simply unreasonable and hard to manage in the long run.
RE: Add a default role for row level security
This role would be applied if none of the other roles were applied. This would have two advantages.
1. If an email address or security group was missing from a role, then the default (potentially more restrictive) role would be applied, rather than displaying all data. (Which strikes me as a big security flaw in the current implementation).
2. Would allow row level security to be applied using functions like UserPrincipalName() without having to name everyone with access to the report in a role.
RE: Add a default role for row level security
This is a duplicate of "add a default role for row level security"
https://ideas.powerbi.com/ideas/idea/?ideaid=27a0e121-51c0-4909-94c2-a1dc472a4a49
RE: Add a default role for row level security
Cannot believe there still isn't a solution for this, adding individuals to roles each time is simply too big an issue.
Obviously there is a workaround, otherwise Microsoft themselves would be asking for it given the number of employees they have.
Simply allow a default role to be assigned to a role in the service, that every user is assigned to without needing anyone to enter this, they can then just maintain the sub-sets, i.e. managers who get additional access. Surely not a big job to do.
RE: Add a default role for row level security
Unbelievable that Power BI still doesn't have this issue covered... Just give us a default READER role that anyone will be granted straightaway so we can prevent the secure data from being seen!
RE: Add a default role for row level security
Please get on this soon. My company is extremely large and manually adding users every time a report is shared is extremely cumbersome in a software that is meant to help automate processes. It should be an option to toggle a default role and assign default permissions every time a new user is granted access so other users can share reports freely while still maintaining security for the more sensitive information. I currently have to disable sharing because otherwise when a report is shared they won't see anything if not assigned to a role and will assume Power BI isn't working. Most don't know they need to ask to also be added to a role.
RE: Add a default role for row level security
This is a badly needed feature for data security.
RLS exists to protect data. Having no default role that can be applied when a user is not a member of assigned groups means all of your data protection is lost in the event that users are not correctly managed outside of Power BI (and with very large enterprises, this can be very challenging to ensure).
I think in most cases, users would want the default to be access to nothing, but as it stands, the default gives users access to everything (because RLS is only applied for users belonging to specified groups).
RE: Add a default role for row level security
Are we still talking about this? Or is there some new way to do this since my last comment over 2 years ago?
I still think it is funny that there are all these 'data security' features that only work if you assign a role to someone. If someone doesn't have a role... all cool? Just give them all the data.
Go to all the effort to maintain hundreds of users, then that 1 that gets missed walks away with the entire dataset. Sweet.
RE: Add a default role for row level security
Hi, it's possible to do this! Just create a role that has full view, and in the service environment security settings add "Everyone" to the role.
RE: Add a default role for row level security
Yes! I agree. This feature is very important. Makes it easier for dynamic role management. I have created a dynamic relationship manager role in my Power BI report but it appears I have to manually add the users to the RM role before it allows them access.