Jon Jowsey on 17 Aug 2016 07:46:21
I want to be able to assign all users (including new ones) to a default role in RLS. Currently I have to assign each user to the role manually, and update the roles manually when users change.
This limits the ability to use RLS with a larger user base.
- Comments (32)
- Merged Idea (1)
RE: Add a default role for row level security
Any updates on this? I need this function very much for a group a couple of hundred people all over the world, changing everyday!
RE: Add a default role for row level security
I just realised Other User allows you to check against a specific users email. Bugger.
RE: Add a default role for row level security
It is interesting that when you click 'View as roles' there is a 'None' and an 'Other user'.
Other user' is defined nowhere and we don't have the ability to set the rules on it... so why have it? Maybe they are preparing for this feature and allow us to set a rule against 'Other User' that is defined to anyone that has accessed but not yet given a role.
RE: Add a default role for row level security
Agree to that it is a simple but very helpful feature. Having to add user to a RLS is very cumbersome
RE: Add a default role for row level security
It would also help when trying to give minimal access by default. If no roles were passed, the default role could block most, if not all, data. This would allow you to create reports that require a role in order to see any data instead of the lack of a role showing all data.
RE: Add a default role for row level security
If the 'Manage Roles' dialog had a 'default' option to set table filters for users who had no role assigned, the problem would be solved from my point of view.
RE: Add a default role for row level security
I would very much appreciate this functionality as well. If you have a large userbase that is changing frequently you really need a default role!
RE: Add a default role for row level security
Fully agree. This functionality is very much needed to simplify access management.
RE: Add a default role for row level security
I agree with this aswell. It should be something like 'User Level Security' where anyone that has not been assigned a role can have their data scoped down by attributes found on the Username () model.
For example 'jay.killeen@domain.com' accesses the report and has no role assigned. Behind the scenes PowerBI finds my Username () .
Option 1. Username () inner joins on my User model by matching Username () -> User.email. All other models are inner joined on User therefore all data is then scoped down by the single entity User that has been matched by Username () .
Option 2. Username () itself in AD has fields such as Division, Region or even Role etc and rules can be set (similar to existing RLS Table Filter rules) that utilise the value of these fields.
Under Option 2 you might have a rule on the Region table that sets Region.Code = Username () .RegionCode.
This way anyone logging in, that has no role assigned could have filters applied based on the User Level Security filters.
I'd then simply be able to set my rules by user and expect my 1000+ members to be scoped down based on those rules and their attributes can be managed centrally in AD.
This is how it is done in web frameworks such as Ruby on Rails (see the Pundit Gem or CanCan)
RE: Add a default role for row level security
Were you able to find a solution for this issue? I have the same problem...