cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Row Level Security with Multiple levels (Complicated)

‎01-28-2022 04:35 AM

Hi,

 

I am looking to implement RLS for multiple levels.

I have 2 tables as below.

1) Groups

2) Tasks

Groups table will have , Group name and Member email.

johnbasha33_0-1643372655475.png

And tasks will have below columns

johnbasha33_1-1643372680433.png

Upon login by the user i want to filter my report in below ways.

Rule: 1) all the records should be visible wherer Isrestricted = NO for every user.
Rule 2: 2) Up on login by User, Rule 1 above should be applied and also, Isrestricted group = Yes and it should look at group table who is the user and how many groups the user is part of and only those groups in Tasks table should be filtered.
Rule 3: 3) Irrespective of above, who ever part of submitted by in the tasks table they have to see all the submitted by records along with Isrestricted access = NO.

 

I have tried relaly very hard to crack this and finally coming here for help from great minds.

 

 

Attaching the PBIX for your perusal. Appriciate your help guys.

 

https://1drv.ms/u/s!ApY7Qk9reuaNiw9L76Qr3dkIwHC6?e=LAe1al


@Pragati11 @amitchandak @ValtteriN @Greg_Deckler @GilbertQ @MikeJohnsonZA @AlexisOlson 

Message 1 of 9
2,017 Views
0
2 ACCEPTED SOLUTIONS
AlexisOlson
Super User
Super User

‎01-28-2022 07:51 AM

Is this the filtering expression you're after?

Tasks[SubmittedBy] = USERPRINCIPALNAME ()
    || Tasks[IsRestricted] = "No"
    || Tasks[RestrictedAccess]
        IN CALCULATETABLE (
            VALUES ( Groups[GroupName] ),
            Groups[Members] = USERPRINCIPALNAME ()
        )

View solution in original post

Message 2 of 9
1,940 Views
mwegener
Super User
Super User

‎01-28-2022 09:07 AM

Hi @Anonymous ,

 

you can distribute the rules into own role and then apply them additively to the users.

 

04_RoleView.png

03_Group.png

02_SubmittedBy.png

01_NotRestricted.png

 

Did I answer your question?
Please mark my post as solution, this will also help others.
Please give Kudos for support.

Marcus Wegener work at KUMAVISION AG , one of the world's largest
implementation partners for Microsoft Dynamics. #
"Get the most out of data, with Power BI."
twitter - LinkedIn - YouTube - website - podcast


View solution in original post

Dynamic RLS with Multiple Levels_MW.pbix
Message 4 of 9
1,931 Views
8 REPLIES 8
Parikrish25
New Member

‎07-26-2022 08:59 PM

hi All,

 

i need to implement row level securtiy for multiple rows. Is it possible Please help.


Slicers used are three levels

1. Location

2.Business Area

3.Segment / Discipline 

 

User should see slicer 1,2 & 3 only for his Location for other locations 2&3 slicers should be hidden. Can anyone please help??

 

For example : Bangalore Location head should only be able to view business area and discipline only for Bangalore & also should see only other Location level data and not the other sub slicers Business area and Discplines 

 

 

 

 

Message 9 of 9
757 Views
0
mwegener
Super User
Super User

‎01-28-2022 09:07 AM

Hi @Anonymous ,

 

you can distribute the rules into own role and then apply them additively to the users.

 

04_RoleView.png

03_Group.png

02_SubmittedBy.png

01_NotRestricted.png

 

Did I answer your question?
Please mark my post as solution, this will also help others.
Please give Kudos for support.

Marcus Wegener work at KUMAVISION AG , one of the world's largest
implementation partners for Microsoft Dynamics. #
"Get the most out of data, with Power BI."
twitter - LinkedIn - YouTube - website - podcast


Dynamic RLS with Multiple Levels_MW.pbix
Message 4 of 9
1,932 Views
Anonymous
Not applicable
In response to mwegener

‎01-30-2022 03:54 AM

@mwegener thsi is really great. working out well. could you please explain me how you derive it? 

thanks for your time.

Message 5 of 9
1,872 Views
0
mwegener
Super User
Super User
In response to Anonymous

‎01-30-2022 11:20 PM

Hi @Anonymous, I think the 3 roles align very well with your 3 rules and the split helps simplify the requirements. Rule 1 and 3 are quite simple as the criteria are already present in the Tasks table. Rule 2 is a typical pattern when assigning groups.

Did I answer your question?
Please mark my post as solution, this will also help others.
Please give Kudos for support.

Marcus Wegener work at KUMAVISION AG , one of the world's largest
implementation partners for Microsoft Dynamics. #
"Get the most out of data, with Power BI."
twitter - LinkedIn - YouTube - website - podcast


Message 6 of 9
1,839 Views
Anonymous
Not applicable
In response to mwegener

‎01-31-2022 12:16 AM

@mwegener I agree, Rule 2 is little tricky.

can you please help me understand the DAX we used for Rule 2?

CONTAINS( FILTER(Groups, Groups[Members] = USERPRINCIPALNAME() ), Groups[GroupName] , [RestrictedAccess], the same DAX expression when i add it as a measure it is throwing an error but the same is working in Roles.How do you know that this expression will work in Roles?we usually test the DAX in a measure and then we copy the same to Roles right then how did you know thaqt this will work? please answer me

Message 7 of 9
1,825 Views
0
mwegener
Super User
Super User
In response to Anonymous

‎01-31-2022 01:05 AM

Hi, in this case the function must iterate over the Tasks table, so it is easier to check it over a calculated column.

Did I answer your question?
Please mark my post as solution, this will also help others.
Please give Kudos for support.

Marcus Wegener work at KUMAVISION AG , one of the world's largest
implementation partners for Microsoft Dynamics. #
"Get the most out of data, with Power BI."
twitter - LinkedIn - YouTube - website - podcast


Message 8 of 9
1,821 Views
0
AlexisOlson
Super User
Super User

‎01-28-2022 07:51 AM

Is this the filtering expression you're after?

Tasks[SubmittedBy] = USERPRINCIPALNAME ()
    || Tasks[IsRestricted] = "No"
    || Tasks[RestrictedAccess]
        IN CALCULATETABLE (
            VALUES ( Groups[GroupName] ),
            Groups[Members] = USERPRINCIPALNAME ()
        )
Message 2 of 9
1,941 Views
Anonymous
Not applicable
In response to AlexisOlson

‎01-30-2022 03:55 AM

@AlexisOlson really brilliant and you got it with just one rule, i was doing 3 rules all these times.

but this is really great. thanks for your time.

Message 3 of 9
1,872 Views
0

Helpful resources

Announcements
PBI Sept Update Carousel

Power BI September 2023 Update

Take a look at the September 2023 Power BI update to learn more.

Learn Live

Learn Live: Event Series

Join Microsoft Reactor and learn from developers.

Dashboard in a day with date

Exclusive opportunity for Women!

Join us for a free, hands-on Microsoft workshop led by women trainers for women where you will learn how to build a Dashboard in a Day!

MPPC 2023 PBI Carousel

Power Platform Conference-Power BI and Fabric Sessions

Join us Oct 1 - 6 in Las Vegas for the Microsoft Power Platform Conference.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All