Graphed LogoGraphed
Login

How to Remove RLS in Power BI

Cody Schneider

Removing Row-Level Security (RLS) from your Power BI report is a straightforward but essential task, especially when user permissions change, a report’s audience expands, or you’ve finished the testing phase. Getting this wrong can either expose data to the wrong people or prevent the right people from seeing what they need. This article walks you through exactly how to remove RLS in both Power BI Desktop and the Power BI Service, clarifies why you might need to, and offers some best practices to avoid common mistakes.

Why Would You Need to Remove RLS?

Before diving into the "how," it's helpful to understand the "why." You'll typically find yourself needing to remove or adjust Row-Level Security in a few common scenarios.

Testing and Development

While building a report, developers often create test roles to see how the report will look from different user perspectives. You might create a "Regional Manager - North" role or a "Sales Rep - Jane Doe" role to validate that the filters work correctly. Once development is complete and the report is ready for production, you might remove these specific test-only roles to clean up the model before publishing.

Organizational Changes and Role Updates

Businesses are never static. People get promoted, change departments, or leave the company. A sales manager who could only see their team’s data might get promoted to a director role and suddenly need visibility across all sales teams. In this case, you would need to remove them from their original, more restrictive role and potentially grant them wider access. Removing users from specific RLS roles is a common administrative task.

Simplifying a Report for a Broader Audience

Imagine you built a detailed financial report with RLS for the executive team, with each member only able to see their department's P&L. Later, there's a request to create a high-level summary version of that same report for all department heads. Instead of restricting the data, you want everyone to see the full, aggregated picture. In this case, you could duplicate the report and remove the RLS rules entirely to create a simplified, universally visible version.

Troubleshooting and Debugging

Sometimes, a user will report that they can't see the data they're supposed to. Is it a problem with the data model, a relationship, or the RLS rules? One of the fastest ways to diagnose the issue is to temporarily remove the user from their RLS role in the Power BI Service. If they can suddenly see all the data, you know the problem lies within your RLS DAX filters. This helps you narrow your focus and find the bug more efficiently.

Locating and Removing RLS Rules in Power BI Desktop

Defining and deleting the structure of your security roles happens in Power BI Desktop. This is where you write the DAX filters that power RLS. If you want to permanently remove a security rule from your report, you must do it here and then republish your file to the Power BI Service.

Step 1: Open the 'Manage Roles' Window

First, open your .PBIX file in Power BI Desktop. Once it's loaded, navigate to the Modeling tab in the main ribbon at the top of the window. In the "Security" section of this tab, you will see two options: "Manage Roles" and "View as." Click on Manage Roles.

Step 2: Identify the Role to Be Removed

The "Manage roles" window will pop up. On the left side, there's a pane labeled Roles. This pane displays a list of all RLS roles that have been created in this data model. Scan through this list and find the specific role (or roles) you want to get rid of.

Step 3: Delete the Role(s)

To delete a role, simply select it by clicking its name in the list. Once it’s highlighted, click the Delete button. Power BI will ask for confirmation before permanently removing the role. Confirm the deletion, and the role will disappear from the list.

  • You can repeat this process for multiple roles if you need to remove more than one.

  • Alternatively, you can highlight the role and press the Delete key on your keyboard.

Alternative: Clearing DAX Rules Without Deleting the Role

Sometimes you don't need to delete the entire role, but you want to neuter it by removing its filtering logic. This can be useful if you think you might need the role again later and don't want to recreate it from scratch.

In the "Manage roles" window, select the role you want to edit. Then, look at the Tables section in the middle of the window. Any table with a DAX filter will have a filter icon next to it. Simply click on the table, clear the expression from the Table filter DAX expression box, and click "Save." The role will still exist, but it will no longer filter any data.

Step 4: Save and Republish

After you have deleted the roles or cleared the DAX expressions, click Save inside the "Manage roles" window. The most crucial final step is to save your .PBIX file. For the changes to take effect in the Power BI Service, you must then Publish the report again, overwriting the existing version.

Managing RLS Assignments in Power BI Service

A more common day-to-day task is not deleting a role but simply removing a person from a role. This action happens in the Power BI Service and does not require you to edit the .PBIX file. Remember the key difference: Desktop is for designing the roles, the Service is for assigning people to them.

Step 1: Navigate to the Dataset Security Settings

Log in to your Power BI account and go to the workspace containing the report and its corresponding dataset. Locate the dataset that the report is built on (it often has the same name as the report and has a different icon). Hover over the dataset, click the ellipsis (...), and select Security from the menu.

Step 2: Select the Security Role

This will take you to the "Row-Level Security" page. On the left, you'll see a list of the roles you created in Power BI Desktop. Click on the role you wish to manage.

Step 3: Remove Users or Security Groups

Once you select a role, the pane on the right will display a list of all the users and security groups that have been assigned to it. To remove someone, just find their name or the group's name in the list and click the small "X" to the right of it. Their name will disappear from the list immediately.

You’re not asked for confirmation, but don't worry - the change is easy to undo. If you removed someone by mistake, you can simply add them back by typing their email address into the input box and clicking "Add."

Step 4: Save Your Changes

Make sure to click the Save button after adding or removing users. Unlike deleting, which happens instantly, clicking save commits the changes to the user list. The user's data access will update immediately (they may need to refresh their browser to see the effect).

Best Practices and Common Pitfalls

Managing security can feel nerve-wracking, but following a few simple best practices will help you avoid common issues.

  • Back Up Your File: Before deleting multiple RLS roles in Power BI Desktop, it’s always a good idea to save a separate backup copy of your .PBIX file. If you make a mistake, you can easily revert to the previous version.

  • Understand Role Combinations: Power BI applies the union of permissions. If a user belongs to two roles - one that filters data to "USA" and another that filters to "Canada" - they will see data for both the USA and Canada. Removing them from the "USA" role doesn't mean they gain full access, they will still be restricted by the "Canada" role. Be aware of all roles a user is assigned to.

  • Desktop vs. Service Logic: Remember the division of labor. Deleting a user in the Power BI Service only removes their assignment. The role itself still exists. To permanently delete the role from the entire system, you must do so in Desktop and republish.

  • Test Before Announcing: In both Desktop and the Service, use the "View as" or "Test as role" features to check your work. Before you tell a user their permissions have been updated, test the report from their perspective to ensure the change had the desired effect.

Final Thoughts

Effectively managing row-level security is a key part of maintaining a clean and secure Power BI environment. Whether you're deleting outdated roles in Power BI Desktop or just updating user assignments in the Power BI Service, the process is simple once you understand where to look and the proper workflow to follow.

While mastering specific features in tools like Power BI is a valuable skill, the true goal is always to get clear, actionable insights into the hands of your team with minimal friction. This principle is why we built Graphed. Instead of spending hours building complex reports and managing security layers, you can connect your data sources in seconds and create real-time dashboards simply by describing what you need in plain English, allowing your team to get immediate answers and make better decisions, faster.