Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
jeffgreenrc
Regular Visitor

Conditionally filtering rows from a table with another table

‎11-12-2025 10:48 AM

Hi,

 

I have scenario, where i would like to implement RLS security with current login user. I have three tables i.e.

 

UserRole

UserId

Role

Admin

System Admin

User1

AR clerk

User1

AP manager

User1

Sales Clerk 1

User2

Sales Clerk 2

User2

System Admin

 

UserLocationPermission

UserId

Location

CanViewInventory

User1

Miami

1

User1

Seattle

0

User2

Los angles

1

User2

New York

1

 

Inventory

Location

Item

Quantity

Miami

Item1

10

Seattle

Item2

20

Los angles

Item3

30

New York

Item4

40

 

 

When User1 logins: (limited data of only 1 location since canviewinventory is enabled for it)

Inventory

Location

Item

Quantity

Miami

Item1

10

 

 

When User2 logins: (can view all data since it has system admin role)

Inventory

Location

Item

Quantity

Miami

Item1

10

Seattle

Item2

20

Los angles

Item3

30

New York

Item4

40

 

When Admin logins: (can view all data since it has system admin role)

Inventory

Location

Item

Quantity

Miami

Item1

10

Seattle

Item2

20

Los angles

Item3

30

New York

Item4

40

 

 

Pls guide me on how can I implement dynamic filtering of rows of Inventory table in visual in Power BI based on current user login.

 

 

Thank you.

Message 1 of 9
930 Views
0
1 ACCEPTED SOLUTION
V-yubandi-msft
Community Support
Community Support
In response to jeffgreenrc

‎11-21-2025 06:02 AM

Hi @jeffgreenrc ,
In your scenario, you can set up the RLS filter directly on the Inventory table. This will allow admins to view all rows, while other users will only see rows permitted by their location access. You can use an expression like the following.

VAR CurrentUser = USERPRINCIPALNAME()
VAR IsSystemAdmin =
    CALCULATE (
        COUNTROWS ( UserRole ),
        UserRole[UserId] = CurrentUser &&
        UserRole[Role] = "System Admin"
    )
RETURN
    IF (
        IsSystemAdmin > 0,
        TRUE(),  
        Inventory[Location] IN
            CALCULATETABLE (
                VALUES ( UserLocationPermission[Location] ),
                UserLocationPermission[UserId] = CurrentUser,
                UserLocationPermission[CanViewInventory] = 1
            )
    )

Here’s an example expression you can try, please test it, and let us know how it goes.

This logic determines whether the current user has the System Admin role. If so, they are not subject to filtering and can view all rows. If not, the filter limits Inventory rows to locations where the user has permission (CanViewInventory = 1).

Please implement this as the RLS rule on the Inventory table and test it using  View as Role in Power BI Desktop to ensure it works correctly for your users.

 

Regards,
Yugandhar.

View solution in original post

Message 8 of 9
694 Views
0
8 REPLIES 8
jeffgreenrc
Regular Visitor

‎11-13-2025 11:29 AM

Thanks @danextian ,

 

Pls provide more detail on your solution. Should i define relationship between tables and where should i define the filter condition you have provided.

 

Sorry for my ignore as I am new to power bi.

Message 5 of 9
844 Views
0
danextian
Super User
Super User
In response to jeffgreenrc

‎11-13-2025 02:47 PM

Create a many-to-many single direction relationship from UserRole[UserID] to UserLocationPermission[UserID]


Go to modelling view. Go to manage roles. Look for UserRole table and create a role using either of the formula given (note: switch to dax editor view). In the service, go to security settings and add the users to the role - users need to be added manually in the service or if they are in a security group, use that security group.

 

Also, there is a link from @parry2k, have you had a look at it?





Dane Belarmino | Microsoft MVP | Proud to be a Super User!

Did I answer your question? Mark my post as a solution!


"Tell me and I’ll forget; show me and I may remember; involve me and I’ll understand."
Need Power BI consultation, get in touch with me on LinkedIn or hire me on UpWork.
Learn with me on YouTube @DAXJutsu or follow my page on Facebook @DAXJutsuPBI.
Message 6 of 9
832 Views
0
jeffgreenrc
Regular Visitor
In response to danextian

‎11-18-2025 01:16 PM

Thanks @danextian ,

 

I am able to filter userrole and userlocationpermission but not Inventory. 

 

The reason is i can not make active relationship between inventory and userlocationpermission because admin would not have records in the userlocationpermission since they can view all location.

 

I am trying to implement RLS on inventory table with

Location IN values(LocationPermission[Location])

 

but the above is not working and giving error, even lookupvalue is not working.

 

How can i filter inventory table records without active relationship with locationpermission table.

Message 7 of 9
749 Views
0
V-yubandi-msft
Community Support
Community Support
In response to jeffgreenrc

‎11-21-2025 06:02 AM

Hi @jeffgreenrc ,
In your scenario, you can set up the RLS filter directly on the Inventory table. This will allow admins to view all rows, while other users will only see rows permitted by their location access. You can use an expression like the following.

VAR CurrentUser = USERPRINCIPALNAME()
VAR IsSystemAdmin =
    CALCULATE (
        COUNTROWS ( UserRole ),
        UserRole[UserId] = CurrentUser &&
        UserRole[Role] = "System Admin"
    )
RETURN
    IF (
        IsSystemAdmin > 0,
        TRUE(),  
        Inventory[Location] IN
            CALCULATETABLE (
                VALUES ( UserLocationPermission[Location] ),
                UserLocationPermission[UserId] = CurrentUser,
                UserLocationPermission[CanViewInventory] = 1
            )
    )

Here’s an example expression you can try, please test it, and let us know how it goes.

This logic determines whether the current user has the System Admin role. If so, they are not subject to filtering and can view all rows. If not, the filter limits Inventory rows to locations where the user has permission (CanViewInventory = 1).

Please implement this as the RLS rule on the Inventory table and test it using  View as Role in Power BI Desktop to ensure it works correctly for your users.

 

Regards,
Yugandhar.

Message 8 of 9
695 Views
0
jeffgreenrc
Regular Visitor
In response to V-yubandi-msft

‎11-21-2025 07:48 AM

Thanks a lot !

Message 9 of 9
684 Views
jeffgreenrc
Regular Visitor

‎11-13-2025 05:57 AM

Thank you for responses. 

The issue is I cannot make the relationship between tables active since I dont want to retrieve records from Inventory table based on it. The reason is the, the Admin user record is not present in UserLocationPermission table. 

 

Therefore, I need to identify if the user belongs to System role then view all records i.e. make the join inactive.

 

If user does not have system admin role, then it needs to show records matching with UserLocationPermission and Inventory table.

So how can I dynamically filter records in inventory table.

Message 4 of 9
850 Views
0
danextian
Super User
Super User

‎11-12-2025 07:32 PM

Hi @jeffgreenrc 

I am assuming your role table already includes the email addresses. Try the following RLS expressions:

VAR CurrentUser =
    USERPRINCIPALNAME ()
VAR CurrentRole =
    CALCULATE (
        MAX ( UserRole[Role] ),
        KEEPFILTERS ( UserRole[Email] = USERPRINCIPALNAME () )
    )
RETURN
    IF (
        CurrentRole = "System Admin",
        TRUE (),
        // admin  -  full access
        RELATED ( UserRole[Email] ) = CurrentUser // non-admin -  only related rows
    )


==============================

VAR CurrentUser =
    USERPRINCIPALNAME ()
VAR CurrentRole =
    LOOKUPVALUE ( UserRole[Role], UserRole[Email], CurrentUser )
RETURN
    IF (
        CurrentRole = "System Admin",
        TRUE (),
        // admin - full access
        RELATED ( UserRole[Email] ) = CurrentUser // non-admin - only related rows
    )

 

Since your userid repeats, you might end up creating a many-to-many relationship from UserRole to permission tables. Ensure that it is single direction only. 





Dane Belarmino | Microsoft MVP | Proud to be a Super User!

Did I answer your question? Mark my post as a solution!


"Tell me and I’ll forget; show me and I may remember; involve me and I’ll understand."
Need Power BI consultation, get in touch with me on LinkedIn or hire me on UpWork.
Learn with me on YouTube @DAXJutsu or follow my page on Facebook @DAXJutsuPBI.
Message 3 of 9
867 Views
0
parry2k
Super User
Super User

‎11-12-2025 11:40 AM

@jeffgreenrc it is pretty straight to setup, check out this blog post and make the changes as per your scenario



Subscribe to the @PowerBIHowTo YT channel for an upcoming video on List and Record functions in Power Query!!

Learn Power BI and Fabric - subscribe to our YT channel - Click here: @PowerBIHowTo

If my solution proved useful, I'd be delighted to receive Kudos. When you put effort into asking a question, it's equally thoughtful to acknowledge and give Kudos to the individual who helped you solve the problem. It's a small gesture that shows appreciation and encouragement! ❤


Did I answer your question? Mark my post as a solution. Proud to be a Super User! Appreciate your Kudos 🙂
Feel free to email me with any of your BI needs.

Message 2 of 9
916 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All