Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
GimmeDaData
Regular Visitor

Dynamic RLS / 2 conditions based on 2 columns

‎10-28-2022 02:06 AM

Hello,

 

I need to set up a dynamic RLS. I need users to be able to only see data related to their category, which is easy ("[PrincipalName] = userprincipalname()" filter on permission table and a relationship between it and the fact table on Category, with a bridge table in between).

 

But some users are also managers of specific products, which can be sold outside users' categories and they should be able to follow those products as well. My problem is that I don't know how to make a user see the the data related to a category PLUS products (which they are managers of) outside their category.

 

There are also users, who are NOT managers of any products, they just need to see a category/categories (I guess for them it would be easiest to create a separate role).

 

Permissions would be managed by an excel file in sharepoint. It is already being used to manage RLS access to other reports (which don't have the product manager problem). It looks like this:

 

Permissions Table

name   PrincipalName  category
Joey Tribbiani  jt@abc.comsandwiches
Chandler Bing  cb@abc.comtaco
Chandler Bing  cb@abc.compizza
Rachen Green  rg@abc.comsalads
Monica Geller  mc@abc.comtacos
Monica Geller  mc@abc.compizza
Monica Gellermc@abc.comsalads
Monica Gellermc@abc.comsandwiches

I am pulling this table into my model of course. None of these columns have unique values, I have to create a connector/bridge table, to avoid many-to-many relationships.

 

I have a Product Dimension table and a fact table. Product Managers' names (names, not PrincipalNames) are in Product Dimension (but I could pull them into the fact table if needed). However Category column has to be in my fact table (as it is not based on a product but rather a transaction in the fact table).

 

Product Dimension

ProductID  ProductManagerName  Lifecycle
1Joey TribbianiActive
2Joey TribbianiActive
3Ross GellerActive
4(blank)End of life
5Chandler BingActive

 

Fact Table

TransactionID  ProductID  Category  Value
11sandwiches  5
21pizza5
32pizza10
43salads7
54salads8
65taco9

 

Any ideas how to achieve this? Is it even possible?

 

Thanks.

 

 

Labels:
Message 1 of 3
1,417 Views
0
1 ACCEPTED SOLUTION
GimmeDaData
Regular Visitor
In response to Anonymous

‎10-31-2022 03:21 AM

Hey,

 

Thanks for your answer. 

 

I think I solved it. I brought the Product Manager into the fact table and simply set this RLS filter on that fact table:

 

VAR user_name =
    LOOKUPVALUE (
        'Permissions Table'[Name],
        'Permissions Table'[Email- (Short Form)], USERPRINCIPALNAME()
    )
VAR user_categories =
    CALCULATETABLE(
       VALUES ('Permissions Table'[AccessToCategory] ),
       FILTER(
          'Permissions Table',
          'Permissions Table'[Email- (Short Form)] = USERPRINCIPALNAME()
       )
    )
RETURN
    OR (
        'FactTable'[ProductManager] = user_name,
        'FactTable'[Category] IN user_categories
    )

 

 

I know it is not necessarily considered a best practice to set a RLS filter on a fact table but it doesn't seem to impact performance as much.

 

Thanks again for the tip 🙂

 

Kid regards,

GimmeDaData

View solution in original post

Message 3 of 3
1,323 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎10-31-2022 02:49 AM

Hi @GimmeDaData ,

 

I think you can try equal or not equal rule in your RLS.

For reference:

Dynamic Row-Level Security in Power BI with NOT IN or NOT EQUAL Rule

Dynamic Row Level Security w/ Multiple Criteria

If this reply still couldn't help you solve your issue, please show me a screenshot with the result you want.

For example, when Joey Tribbiani sign in, then your visual should look like what.

This will make it easier for me to find the solution. 

 

Best Regards,
Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 3
1,328 Views
0
GimmeDaData
Regular Visitor
In response to Anonymous

‎10-31-2022 03:21 AM

Hey,

 

Thanks for your answer. 

 

I think I solved it. I brought the Product Manager into the fact table and simply set this RLS filter on that fact table:

 

VAR user_name =
    LOOKUPVALUE (
        'Permissions Table'[Name],
        'Permissions Table'[Email- (Short Form)], USERPRINCIPALNAME()
    )
VAR user_categories =
    CALCULATETABLE(
       VALUES ('Permissions Table'[AccessToCategory] ),
       FILTER(
          'Permissions Table',
          'Permissions Table'[Email- (Short Form)] = USERPRINCIPALNAME()
       )
    )
RETURN
    OR (
        'FactTable'[ProductManager] = user_name,
        'FactTable'[Category] IN user_categories
    )

 

 

I know it is not necessarily considered a best practice to set a RLS filter on a fact table but it doesn't seem to impact performance as much.

 

Thanks again for the tip 🙂

 

Kid regards,

GimmeDaData

Message 3 of 3
1,324 Views
0

Helpful resources

Announcements
July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All