Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Anonymous
Not applicable

RLS using login email to limit data view

Good day to whoever reads this. 🙂 

I am trying to use RLS in my PowerBI desktop file to allow someone to view or not view certain data for example. 
admin@domain.com would be allowed to see everything while worker1@domain.com would only be able to view data for the eastern branch of the company and someone not in the RLS table wouldn't be able to see anything at all. I would like to filter these permissions based on the email they are using to log in with I have tried using: 

 

[UPN] == userprincipalname ()

 

But fail to get it working and fully understand how to do it. After viewing the documentation on RLS I'm still unsure of how to do this so anyone that can offer some help I would highly appreciate it!

P.s. If any extra information is needed from my side please let me know I'll gladly provide anything I can 🙂

1 ACCEPTED SOLUTION

Hi @Anonymous,

>>If I understand you correctly it needs to have either a column with those usernames in it in each table or a relationship where it takes the username from a table and uses it on any table that is connected to it by those relationships?

In fact, they are basic usages and username part are not necessary. If the basic username and records mapping not suitable for your usernames, you can also consider setting some two or three step roles andd add a default role for the users which not has correspond usernames.

For example, you can bind user with group/departments and use RLS filter on the group field to filter records and apply these filter effect based on relationship.(user table link to the user group/department table, and use this table as bridge to link other tables; current username as condition to find out correspond group to filter records, if not existed correspond username, return the default group filter)

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

4 REPLIES 4
v-shex-msft
Community Support
Community Support

Hi @Anonymous,

For dynamic RLS with USERNAME/USERPRINCIPALNAME, you need to create or modify your user table to add a field with correspond user accounts, then you can use Dax USERNAME/USERPRINCIPALNAME function result as condition to check that field to apply filter effect. Then these filter effect will be apply to other tables if you has enabled the relationship from user table to other table with ‘both’ directions.

DAX USERPRINCIPALNAME - Use in RLS - Power BI Docs

What is the Direction of Relationship in Power BI? - RADACAD

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

Hey there@v-shex-msft,

Thank you for your response I did view those links before posting here but If I understand you correctly it needs to have either a column with those usernames in it in each table or a relationship where it takes the username from a table and uses it on any table that is connected to it by those relationships? if this is the case RLS wouldn't work too well for me here since not all of them are connected to the employee information where the username would be.

Sorry if the question seems like a dumb beginner's error I'm still learning a lot about BI.

Thank you in advance!

Hi @Anonymous,

>>If I understand you correctly it needs to have either a column with those usernames in it in each table or a relationship where it takes the username from a table and uses it on any table that is connected to it by those relationships?

In fact, they are basic usages and username part are not necessary. If the basic username and records mapping not suitable for your usernames, you can also consider setting some two or three step roles andd add a default role for the users which not has correspond usernames.

For example, you can bind user with group/departments and use RLS filter on the group field to filter records and apply these filter effect based on relationship.(user table link to the user group/department table, and use this table as bridge to link other tables; current username as condition to find out correspond group to filter records, if not existed correspond username, return the default group filter)

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.
Anonymous
Not applicable

Hey @v-shex-msft,

Thank you so much for your explanation we have decided not to use RLS but you have allowed me to learn more about it which I have laid with personally have a wonderful day and thanks a lot again.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors