none
User added to Visitors Group can delete files

    Question

  • Hello. I have created a user and assigned them to the Visitors group on my Power BI beta site, which as I understand it is Read Only. However when they log in to the site and open a document on the Power BI page they have available to them both File, Save As and Open In Excel. When I change the group assignment from Visitor to Excel Services Viewers they do not have access to File, Save As and Open In Excel. However, in both groups (Visitor or Excel Services Viewers) they can access a drop down menu from the ... symbol that appears just below a document thumbnail in the Power BI gallery. This allows them to choose either Share With or Delete.

    I'm not sure if this is the place to report this. It seems to me that someone with Read Only access should not be able to Delete a file.

    Regards

    Arthur Jenkins

    Friday, September 20, 2013 3:55 AM

Answers

  • What you describe is not what I see when I try it.

    A user that is only in the Excel Services Viewers cannot delete files.

    The option to delete is enabled but if you delete it has no effect.

    I agree that it is not the optimal behavior because the option of deleting should not be enabled at all but in effect the user cannot delete.

    Is this different in your case? did you try and delete from such a user and the delete actually worked?

    Dany

    Friday, September 20, 2013 6:36 PM

All replies

  • Hi Arthur

    By default any user you add to the site is part of the members group because this group includes another group called "Every user except external users".

    This is a very "liberal" default setting which means that any user have edit rights to any file .

    If you want to establish more restrictive policy you need to remove this group from the members group at the level of the entire site . From settings/ site settings you can enter site permissions and define the groups for the entire site.

    First you remove the group Everyone except external users from the members group.

    Now no one except the admin has any rights to any file.

    Users who try to access the site will be prompted to ask permissions and you as admin will get a notification and give them permissions as required.

    You can also assign users to groups as you create them and give them view / edit rights as required.

    If you want to have different settings for sub sites/ folders etc. you need to stop the inheriting of rights from the parent site / folder and establish a different structure.

    Dany

    Friday, September 20, 2013 6:58 AM
  • Hi Dany. Thank you for your reply. I have done exactly what you suggested, that is remove the group "Everyone except external users" from the members group at the parent site. However, the user, which is assigned to the "Excel Services Viewers" can still delete files.

    I don't want this user to be able to delete documents from my Power BI library. Is there any way to prevent this?

    Thank you.

    Regards

    Arthur Jenkins

    Friday, September 20, 2013 2:42 PM
  • What you describe is not what I see when I try it.

    A user that is only in the Excel Services Viewers cannot delete files.

    The option to delete is enabled but if you delete it has no effect.

    I agree that it is not the optimal behavior because the option of deleting should not be enabled at all but in effect the user cannot delete.

    Is this different in your case? did you try and delete from such a user and the delete actually worked?

    Dany

    Friday, September 20, 2013 6:36 PM
  • Hi Dany. Thank you for your reply. You are correct. Even though the choice to Delete does appear when I click on the ..., and a message box appears asking if I'm sure that I want to send the item to the recycle bin, it does not delete the file when I click ok.

    Sorry for not trying this first.

    Regards

    Arthur Jenkins

    Saturday, September 21, 2013 9:18 PM