Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
astano05
Helper III
Helper III

Dynamic RLS Only Works Properly in Desktop

‎07-07-2021 06:18 AM

I have a salesman table (name, ID, email) connected to a customer assignment table (customer ID, name, assigned salesperson) connected to a customer table (customer ID, region, etc.). I set up dynamic RLS as Email=UserPrincipalName() on the salesman table.

 

When I test the role in desktop (Security --> View As --> Other User = sales rep email address; Sales Rep role checked) it works properly, but when I have the same user I tested with test in PBI Service on his end, he sees additional values outside his territory. What could be causing the disconnect between service and desktop?

Labels:
Message 1 of 4
663 Views
0
1 ACCEPTED SOLUTION
v-easonf-msft
Community Support
Community Support

‎07-08-2021 11:05 PM

Hi,  @astano05 

For RLS to work, a user needs to have read only permission in the workspace.Workspace members assigned AdminMember, or Contributor have edit permission for the dataset.They can see everything by default. So RLS doesn’t apply to them. 

 

If user can sees additional values outside his territory , please make sure the user can only view the report and have no permission to edit the report.

 

https://docs.microsoft.com/en-us/power-bi/admin/service-admin-rls#using-rls-with-workspaces-in-power... 

 

Best Regards,
Community Support Team _ Eason

View solution in original post

Message 3 of 4
575 Views
0
3 REPLIES 3
v-easonf-msft
Community Support
Community Support

‎07-26-2021 10:21 PM

Hi, @astano05 

Could you please tell me whether your problem has been solved?For now, there is no content of description in the thread. If you still need help, please share more details to us.

Best Regards,
Community Support Team _ Eason

 

Message 4 of 4
560 Views
0
v-easonf-msft
Community Support
Community Support

‎07-08-2021 11:05 PM

Hi,  @astano05 

For RLS to work, a user needs to have read only permission in the workspace.Workspace members assigned AdminMember, or Contributor have edit permission for the dataset.They can see everything by default. So RLS doesn’t apply to them. 

 

If user can sees additional values outside his territory , please make sure the user can only view the report and have no permission to edit the report.

 

https://docs.microsoft.com/en-us/power-bi/admin/service-admin-rls#using-rls-with-workspaces-in-power... 

 

Best Regards,
Community Support Team _ Eason

Message 3 of 4
576 Views
0
Gabriel_Walkman
Continued Contributor
Continued Contributor

‎07-07-2021 11:03 AM

Did you assign the role to the person or group holding the person in dataset settings?

 

Is the sales rep invited to your tenant? If so, the UserPrincipalName() might return a funky format:

So basically, I've determined there are 3 different e-mail formats that get return: 1) regular, 2) live.com# prefix, and 3) abc_workmail.com#EXT#(at)onmail.mail.com

 

Message 2 of 4
611 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All