Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
gdbaum
Frequent Visitor

Data masking - RLS

Hi community, I am lost with masking of usernames. 


We have team managers that are responsible for teams and users. My (simplified) data model is as below.
A fact table with number of actions by users. A dimension table with users and teams. With a relation between UserTeam-dimension and fact table on User(ID). Then a disconnected RLS table and a role that filters RLS table by logged in manager on userprincipalname.
If mgr1@email logs in the RLS table gets correctly filtered, for users 1, 2 and 3.

The result should be a table or chart where all data for teams and actions is shown. But usernames only exposed according to the logged in manager. Usernames of other teams should be masked.

 

The idea seemed to be easy. Like this - If user to be shown in result table/chart is given in filtered RLS table then show the user, if not then mask. Or as alternative, if maybe pssible by appropriate relations, show blank if user is not given in filtered RLS. Actually in my dataset I have teams and users in separate tables, combined with a relation table connected to fact table. That should make it possible to show teams, but not users. 

 

Have tried many ways, for example to add a calculated column with LOOKUP, CONTAINS on fact userid = RLS userid etc. But all failed. Lookup for example brings "true" for all users, even if the RLS table is filtered.

My first try was with a relation between RLS and User table. But this simply filters on users 1/2/3 and excludes users 4/5/6.

Also strange, a relation between RLS and User table apparently did work in desired way in the past in published report. But all of a sudden, after data refresh or re-publish it got lost.

 

Would be more than happy if someone can guide me to a solution. 
Many thanks in avance!

 

Gerhard 

Mask RLS.png

 

2 REPLIES 2
lbendlin
Super User
Super User

The purpose of RLS is to restrict access to rows, not to modify the contents of columns in a row.  What you are trying to achieve needs to be done outside of / in addition to RLS.

Thanks Ibendlin!

Understand that RLS purpose is to restrict access to rows.

Just thought there,might be some trick to (mis)use RLS for masking data ... as some kind of lookup. 

As for my example. mgr1@email view secured by RLS showing users 1/2/3, that's ok. But if something like outer lookup to users table is null/false than do not exclude users like 4/5/6, but show them masked

 

Helpful resources

Announcements
July 2025 community update carousel

Fabric Community Update - July 2025

Find out what's new and trending in the Fabric community.

July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.