Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
abhiram342
Microsoft Employee
Microsoft Employee

RLS Question

‎09-29-2023 02:08 PM

Hi Team,

I have below model and don't want to show Customer Table If User is not part of Security Table but user should able to slice by other pivots ( Geography). Because Of Default security filtering , It's not working. Can you please tell if there is any workaround.

Scenario : If User is not part of Security Table then don't want to show customer data but user should able to see data by Geography.

 

RLS Definition On Customer Table:

IF(ISEMPTY(FILTER(VALUES(Secuirty),AND(Secuirty[User Alias] = LEFT(USERPRINCIPALNAME(), FIND("@", USERPRINCIPALNAME()) - 1),Secuirty[Is Authorized User]))),FALSE(),TRUE())

PBI modelsPBI models

Thanks,

Abhiram

Labels:
Message 1 of 2
146 Views
0
1 REPLY 1
123abc
Community Champion
Community Champion

‎09-29-2023 10:42 PM

In Power BI, you can achieve the desired behavior by modifying your Row-Level Security (RLS) expression. It seems like you want to restrict access to the Customer Table based on whether a user is part of the Security Table, but still allow them to slice the data by Geography. To achieve this, you can use a combination of DAX measures and roles. Here's a step-by-step guide:

  1. Create a New Measure for Geography Slicing: You want users to be able to slice data by Geography regardless of their authorization status. Create a measure that calculates your desired metric for Geography. For example, if you have a Sales measure, create a Geography Sales measure:

Geography Sales = SUM(Customer[Sales])

 

Modify RLS for Customer Table: Modify your RLS expression on the Customer Table to include a condition that checks if the user is authorized to see data by Geography. You can use a combination of the USERNAME() and USERPRINCIPALNAME() functions to check for authorization.

Here's a modified RLS expression:

 

IF(
ISEMPTY(FILTER(VALUES(Security), AND(Security[User Alias] = LEFT(USERPRINCIPALNAME(), FIND("@", USERPRINCIPALNAME()) - 1), Security[Is Authorized User]))),
FALSE(),
TRUE()
)
||
HASONEVALUE(Geography[GeographyColumn])

 

  1. In this expression, we added HASONEVALUE(Geography[GeographyColumn]) to allow users to see data if they are slicing by Geography. If they are authorized for a specific Geography, they will see the data; otherwise, they will see nothing.

  2. Create Roles: Create two roles in Power BI: one for authorized users and one for others.

    • Role 1 (Authorized Users): Assign this role the modified RLS expression for the Customer Table.
    • Role 2 (Other Users): Assign this role no RLS restrictions for the Customer Table. They will only be able to see data by Geography.

  3. Assign Users to Roles: Assign users to the appropriate roles based on their authorization status. Users in the "Authorized Users" role will see customer data based on the RLS expression, and users in the "Other Users" role will see data only by Geography.

This approach should allow you to achieve the desired behavior: restricting access to the Customer Table unless the user is authorized while still allowing them to slice the data by Geography.

 

If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly.

Message 2 of 2
113 Views
0

Helpful resources

Announcements
July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All