steveplatz2
Frequent Visitor

Directlake Row Level Security

I'm running into an issue applying RLS to a DirectLake model, where I receive the error "The user belongs to multiple roles '' that have security filters, which isn't supported when one of the roles has filters affecting the table fact_end_customer_sales with SecurityFilteringBehavior=Both relationships." The security setup is being carried over from an import model, where it works without issue. 

 

[Screenshot: 2025-12-11 10_53_17-EMG End Customer Sales.png]

 

There are two tables included in the RLS configuration, with a many-to-many relationship between them. 

  1. dim_sales_assignments (filters fact_end_customer_sales)
  2. fact_end_customer_sales

 

[Screenshot: 2025-12-11 10_50_53-EMG End Customer Sales.png]

 

One of the security roles applied to the model filters on the dim_sales_assignments table; the other filters fact_end_customer_sales.

 

I found a few reports of similar issues with PBI Desktop from 2022, which seemed to indicate this was a bug that was fixed.

Does anyone know if this is a bug with DirectLake models or is this the intended behavior?

 

Edit (2025-12-11):

I've tried creating a bridge table so the relationship doesn't directly filter the fact table and that did not help. I've also tried removing all of the RLS rules on the fact table and have moved them to the dimensions. That also did not help. The N:N RLS rule will only apply if it is the only one defined in the model; otherwise, I get the error.

 

Thank you.

1 ACCEPTED SOLUTION

@steveplatz2 Current Workarounds
To avoid the error:

  1. Combine all RLS logic into a single role, or

  2. Refactor the model to avoid N:N security filtering when multiple roles must be allowed, or

  3. Use Import or DirectQuery mode, which do support merging RLS roles.

Please mark this solution. Thanks
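A pre-deployment check for the condition named in the error, added here as an example (it is not part of the original thread and not Microsoft tooling): it reads a TMSL-style model definition and lists pairs of filtering roles where at least one role's filters reach a table on a `securityFilteringBehavior: bothDirections` relationship. The role names, filter expressions and the simplified propagation rule are assumptions.

```python
import json
from itertools import combinations

# Constructed TMSL-style fragment: table names are from the post; role names,
# columns and filter expressions are invented for this example.
MODEL = json.loads("""{"model": {
  "relationships": [
    {"fromTable": "fact_end_customer_sales", "toTable": "dim_sales_assignments",
     "toCardinality": "many", "securityFilteringBehavior": "bothDirections"}],
  "roles": [
    {"name": "ByAssignment", "tablePermissions": [
      {"name": "dim_sales_assignments",
       "filterExpression": "[user_email] = USERPRINCIPALNAME()"}]},
    {"name": "ByFact", "tablePermissions": [
      {"name": "fact_end_customer_sales", "filterExpression": "[region_id] = 1"}]},
    {"name": "ReadAll", "tablePermissions": []}]}}""")["model"]

def both_tables(model):
    """Tables on either end of a securityFilteringBehavior=bothDirections relationship."""
    return {t for r in model["relationships"]
            if r.get("securityFilteringBehavior") == "bothDirections"
            for t in (r["fromTable"], r["toTable"])}

def reach(model, role):
    """Tables a role's filters affect. Simplification (assumption): a filter flows
    toTable -> fromTable, and also fromTable -> toTable when bothDirections."""
    seen = {p["name"] for p in role.get("tablePermissions", []) if p.get("filterExpression")}
    todo = list(seen)
    while todo:
        t = todo.pop()
        for r in model["relationships"]:
            both = r.get("securityFilteringBehavior") == "bothDirections"
            for src, dst, ok in ((r["toTable"], r["fromTable"], True),
                                 (r["fromTable"], r["toTable"], both)):
                if ok and src == t and dst not in seen:
                    seen.add(dst)
                    todo.append(dst)
    return seen

def conflicts(model):
    """Pairs of filtering roles that match the error's condition if one user holds both."""
    risky = both_tables(model)
    hits = {r["name"]: reach(model, r) & risky
            for r in model.get("roles", []) if reach(model, r)}
    return [(a, b, sorted(hits[a] | hits[b]))
            for a, b in combinations(sorted(hits), 2) if hits[a] or hits[b]]

if __name__ == "__main__":
    print(conflicts(MODEL))
```

A reported pair is a candidate for merging into a single role, as the accepted answer suggests.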


4 REPLIES
Amar_Kumar
Super User

@steveplatz2 Can you mark this as accepted solution and close the thread please.

Amar_Kumar
Super User

@steveplatz2 

This is actually expected behavior with Direct Lake right now.

Even though the same RLS setup works in an Import model, Direct Lake handles security differently. At the moment, it cannot combine multiple RLS roles when one of them filters through a many-to-many relationship or uses SecurityFilteringBehavior = Both.
That’s why you’re seeing the error message about the user belonging to multiple roles.

 

So this isn’t a bug in your model—it's simply a Direct Lake limitation today. Hopefully Microsoft enables full multi-role RLS support in the future.

 

Thank you for the reply. I assume there is no workaround for this limitation today? Any chance you know if correcting this is something that's on their roadmap?

