MicrosoftThis implementation does not take into account least privilege principles. There are use cases when you create a workbook and are only wanting to share that workbook without granting the user access to all the data in the workspace. The workspace will likely have a lot of Security data, access to which should only assigned based on the role.
Assigning reader access to whole workspace should not really be required when you only want to grant the given user access to a single workbook. It should work with granting them reader access for the specific underlying tables that make up the visualizations in the workbook. I have tried to see if this worked and it does not. I am also using functions within the workspace to parse the tables from which data is sourced. I was told by Microsoft support that since I am using a function, and the user does not have access to the function, they are not able to see the data in the workbook. This implementation makes little sense from least privilege principles.
