Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
JustinDoh1
Post Prodigy
Post Prodigy

Need help with DAX expression on RLS

‎04-03-2025 02:45 PM

I have attached PBIX file here.

 

I am trying to modify the bottom DAX so that it meets the condition of AccessToAllLocations = 'Yes' as I intended.

 

Bottom is current DAX that I have for RLS:

 

VAR _Role = MAXX(
                               FILTER( 'tblPBIGroup', 'tblPBIGroup'[User] = USERPRINCIPALNAME() ),
                               'tblPBIGroup'[AccessToAllLocations]
                                )
RETURN IF
( _Role = "Yes", TRUE(),
[User] =  USERPRINCIPALNAME()
)
 
I have two tables that are related to RLS:
1. 'tblPBISecurity' - this has all locations listed.
JustinDoh1_3-1743716192972.png

 

2. Second table is 'tblPBIGroup', which indicates that "AccessToAllLocations" is either 'Yes' or 'No'.
The issue that I am having is when "AccessToAllLocations" is 'Yes', it should allow access to both locations 'ART' and 'CAL', but it only allows access to the location that is/are listed on tblPBIGroup (so in this case, it would only allow access to 'CAL' even though "AccessToAllLocations" is 'Yes').
JustinDoh1_0-1743715367198.png

 

Bottom is expectation of results (indicated on inside screenshot):

 

JustinDoh1_2-1743716015156.png

 

 How can it be achievable?

 

Thanks for help.

Labels:
Message 1 of 7
517 Views
0
1 ACCEPTED SOLUTION
v-pnaroju-msft
Community Support
Community Support

‎04-08-2025 04:42 AM

Hi JustinDoh1,

Based on my understanding, the Security Cross Filtering error arises due to the Apply security filter in both directions setting. Kindly uncheck this option in the relationship between tblPBIGroup and tblPBISecurity, and set the direction to Single from tblPBIGroup to tblPBISecurity. Then, reapply the DAX expression to tblPBISecurity. This should help resolve the issue.

  1. For handling multiple locations, please use the updated DAX expression below:
    VAR _User = USERPRINCIPALNAME()

    VAR _AccessToAll = MAXX(FILTER('tblPBIGroup', 'tblPBIGroup'[User] = _User), 'tblPBIGroup'[AccessToAllLocations])

    VAR _UserLocations = FILTER('tblPBIGroup', 'tblPBIGroup'[User] = _User)

    RETURN

    IF(

    _AccessToAll = "Yes",

    TRUE(),

    'tblPBISecurity'[Group] IN SELECTCOLUMNS(_UserLocations, "Location", 'tblPBIGroup'[Location])

    )

    This logic allows users to access multiple locations as listed in the tblPBIGroup table.

    2.The TRUE() function grants unrestricted access to all rows in tblPBISecurity when AccessToAllLocations is set to Yes. Otherwise, it restricts access based on the specific locations.

     

    If you find this response helpful, kindly mark it as the accepted solution and consider giving kudos. This will be beneficial for other community members facing similar queries.

    Thank you.

View solution in original post

Message 6 of 7
345 Views
6 REPLIES 6
v-pnaroju-msft
Community Support
Community Support

‎04-08-2025 04:42 AM

Hi JustinDoh1,

Based on my understanding, the Security Cross Filtering error arises due to the Apply security filter in both directions setting. Kindly uncheck this option in the relationship between tblPBIGroup and tblPBISecurity, and set the direction to Single from tblPBIGroup to tblPBISecurity. Then, reapply the DAX expression to tblPBISecurity. This should help resolve the issue.

  1. For handling multiple locations, please use the updated DAX expression below:
    VAR _User = USERPRINCIPALNAME()

    VAR _AccessToAll = MAXX(FILTER('tblPBIGroup', 'tblPBIGroup'[User] = _User), 'tblPBIGroup'[AccessToAllLocations])

    VAR _UserLocations = FILTER('tblPBIGroup', 'tblPBIGroup'[User] = _User)

    RETURN

    IF(

    _AccessToAll = "Yes",

    TRUE(),

    'tblPBISecurity'[Group] IN SELECTCOLUMNS(_UserLocations, "Location", 'tblPBIGroup'[Location])

    )

    This logic allows users to access multiple locations as listed in the tblPBIGroup table.

    2.The TRUE() function grants unrestricted access to all rows in tblPBISecurity when AccessToAllLocations is set to Yes. Otherwise, it restricts access based on the specific locations.

     

    If you find this response helpful, kindly mark it as the accepted solution and consider giving kudos. This will be beneficial for other community members facing similar queries.

    Thank you.

Message 6 of 7
346 Views
JustinDoh1
Post Prodigy
Post Prodigy
In response to v-pnaroju-msft

‎04-08-2025 10:19 AM

@v-pnaroju-msft Thank you so much for all your help.

Message 7 of 7
335 Views
0
v-pnaroju-msft
Community Support
Community Support

‎04-05-2025 01:38 AM

Hi JustinDoh1,

As mentioned earlier, please apply the DAX expression to the tblPBISecurity table for implementing Row-Level Security (RLS), and verify if it resolves the issue.

If you find our response helpful, kindly mark it as the accepted solution and consider giving kudos. This will be beneficial for other community members who may have similar queries.

Thank you.

Message 4 of 7
420 Views
JustinDoh1
Post Prodigy
Post Prodigy
In response to v-pnaroju-msft

‎04-06-2025 07:16 PM

@v-pnaroju-msft 

I am getting this error:

JustinDoh1_0-1743992085903.png

 

Do I need to unclick this (Apply security filter in both directions), then?

JustinDoh1_1-1743992152262.png

 

Sorry.

I also have two more questions:

1. If I want multiple locations to be in the condition for _UserLocation, how do I modify the MAXX with?

 

JustinDoh1_2-1744065552481.png

 

 

 

2. On bottom DAX. What does 'TRUE()' mean?

 

IF(
_AccessToAll = "Yes",
TRUE(),
'tblPBISecurity'[Group] = _UserLocation
)

 

Thanks.

 

 

Message 5 of 7
381 Views
0
v-pnaroju-msft
Community Support
Community Support

‎04-03-2025 10:28 PM

Hi @JustinDoh1,

Thank you for reaching out to the Microsoft Fabric Community Forum.

Please find the revised DAX expression to be applied to the tblPBISecurity table for Row-Level Security (RLS). Kindly check if it resolves the issue:

VAR _User = USERPRINCIPALNAME()

VAR _AccessToAll = MAXX(

FILTER( 'tblPBIGroup', 'tblPBIGroup'[User] = _User ),

'tblPBIGroup'[AccessToAllLocations]

)

VAR _UserLocation = MAXX(

FILTER( 'tblPBIGroup', 'tblPBIGroup'[User] = _User ),

'tblPBIGroup'[Location]

)

RETURN

IF(

_AccessToAll = "Yes",

TRUE(),

'tblPBISecurity'[Group] = _UserLocation

)


If you find our response helpful, we kindly request you to mark it as the accepted solution and provide kudos. This will assist other community members who may have similar queries.

Thank you.

Message 2 of 7
462 Views
JustinDoh1
Post Prodigy
Post Prodigy
In response to v-pnaroju-msft

‎04-04-2025 10:09 AM

@v-pnaroju-msft 

Thank you so much for your help.

 

I am having an error recognizing a table value ('tblPBISecurity'[Group]) because, I think, the DAX is currently pointing to tblPBIGroup on the expression Window on the right side.

 

JustinDoh1_0-1743787209006.png

 

 

How do we fix this issue?

Thanks.

Message 3 of 7
439 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All