Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Request now

Reply
Anonymous
Not applicable

2 Layers Row Level Security

‎11-27-2019 01:00 AM

Hi all,

 

Unfortunately, I got a very ununsal requirement for Access Control

 

I have upload the demo power bi file for better explanation.

 

We get Sales table, region/ country mapping table and user access control table.

 

The key pain point: User access control by Region first, then by Country.

 

We cannot hard code the country for each user as many countries in each region and country code can change over the time (I only include a few in demo).

 

“All” mean user can view all country data for that region.

 

ie: Eric can view all DACH, NL data, but Sam can only view FRANCE in FRANCE/ BELGIUM.


NameEmailRegionCountry
EricEric@abc.comDACH, NLAll
PeterPeter@abc.comDACH, NLAUSTRIA
BorisBoris@abc.comDACH, NLGERMANY
PeterPeter@abc.comFRANCE/BELGIUMAll
SamSam@abc.comFRANCE/BELGIUMFRANCE
HenryHenry@abc.comUKAll
PeterPeter@abc.comUKAll

How can I achieve 2 layers RLS with user email? I try to use the Organizational Hierarchy concept, but fail.

 

https://www.dropbox.com/s/7wopvrhs7jgti6g/Hierarchy%20RLS-demo.pbix?dl=0 

Thanks.

 

 

Labels:
Message 1 of 3
599 Views
0
2 REPLIES 2
v-frfei-msft
Community Support
Community Support

‎11-28-2019 06:06 PM

Hi @Anonymous ,

 

I have created the role in your sample by the formula.

VAR Email = "Eric@abc.com"
VAR Region =
    CALCULATETABLE (
        VALUES ( 'User Right'[Region] ),
        FILTER ( 'User Right', 'User Right'[Email] = Email )
    )
VAR Country =
    CALCULATETABLE (
        VALUES ( 'User Right'[Country] ),
        FILTER ( 'User Right', 'User Right'[Region] IN Region )
    )
VAR k =
    FILTER ( 'Region/County', 'Region/County'[Region] IN Region )
VAR n =
    CALCULATETABLE (
        VALUES ( 'Region/County'[Country] ),
        FILTER ( 'Region/County', 'Region/County'[Country] IN Country ),
        KEEPFILTERS ( k )
    )
RETURN
    [Country] IN n

Capture.PNG

You can change the email address to USERNAME function in your side.

BYW, pbix as attached.

 

Community Support Team _ Frank
If this post helps, then please consider Accept it as the solution to help the others find it more quickly.
Hierarchy RLS-demo (1).pbix
Message 2 of 3
590 Views
0
Anonymous
Not applicable
In response to v-frfei-msft

‎11-28-2019 10:54 PM

Thanks for your reply.

 

Unfortunately, the problem is more complicated as my team would like to simplify the user control table and also apply All in Region.

 

Below is my new user control table (All in both Region & Country) and a new table to store all Regions values.

New User.PNGRegion.PNG

 

To make it easy, I create a extra step to match for mapping regions first, but I cannot modify the M code successfully (i cannot let All to expand all Regions in my Region table)

Step1.PNGIncorrect Map.PNG

 
If I can expand the Regions and I will use this intermediate table for mapping country.
 
Do you have any idea how to handle it? Thanks.
 
https://www.dropbox.com/s/n8oj15b7etvc2sa/Hierarchy%20RLS-demo%20v2.pbix?dl=0 
https://www.dropbox.com/s/8dl3mvkfyiv43qe/ML%20RLS%20data%20v2.xlsx?dl=0 
 
Many Thanks.
Message 3 of 3
579 Views
0

Helpful resources

Announcements
November Power BI Update Carousel

Power BI Monthly Update - November 2025

Check out the November 2025 Power BI update to learn about new features.

Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All