Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
cdizzle22
Frequent Visitor

Dynamic RLS With Multiple Domains

‎06-27-2022 08:16 AM

Good morning,

 

There is a dashboard that will be accessed from people accross different domains. I would like to set up dynamic RLS so there only has to be one security group in AAD. I have seen other posts showing to create a name table but then when the RLS Dax expression is created, it is using the full email address determine what RLS role should be used. Does anyone have tips on how to set up Dynamic RLS only using the domain portion of the email address and not the whole email address?

 

Thanks!

Labels:
Message 1 of 5
1,814 Views
0
1 ACCEPTED SOLUTION
jdbuchanan71
Super User
Super User

‎06-27-2022 09:32 AM

Not quite, no.

When a user logs into PowerBI they use their email address as their username.

This is what gets returnd by the DAX function USERPRINCIPALNAME().

Lets say bgates@microsoft.com is logging into your report.

This portion of the code:

VAR _UPN = USERPRINCIPALNAME()
VAR _Domain = RIGHT(_UPN,LEN(_UPN)-(FIND("@",_UPN,,0)))
RETURN _Domain

Would return 'microsoft.com'.  

I am assuming your model has a colmn that has the domain in it and that is where you apply the filter in the role.

View solution in original post

Message 4 of 5
1,758 Views
0
4 REPLIES 4
jdbuchanan71
Super User
Super User

‎06-27-2022 09:32 AM

Not quite, no.

When a user logs into PowerBI they use their email address as their username.

This is what gets returnd by the DAX function USERPRINCIPALNAME().

Lets say bgates@microsoft.com is logging into your report.

This portion of the code:

VAR _UPN = USERPRINCIPALNAME()
VAR _Domain = RIGHT(_UPN,LEN(_UPN)-(FIND("@",_UPN,,0)))
RETURN _Domain

Would return 'microsoft.com'.  

I am assuming your model has a colmn that has the domain in it and that is where you apply the filter in the role.

Message 4 of 5
1,759 Views
0
cdizzle22
Frequent Visitor
In response to jdbuchanan71

‎06-27-2022 09:50 AM

I do not have the column created yet but this explanation helps clear up some of the questions. Thanks for your help!

Message 5 of 5
1,751 Views
0
cdizzle22
Frequent Visitor

‎06-27-2022 09:23 AM

Thanks for the help and this looks like what I need but want to make sure I understand it correctly.

This is going to seperate the domain from the email address so there will still need to be a table created that shows email addresses. Do you have to set the table up as company name in one column, email in another column, and then create a relationship with the company name in another table to make sure the data is filtered correctly?

Message 3 of 5
1,761 Views
0
jdbuchanan71
Super User
Super User

‎06-27-2022 09:06 AM

@cdizzle22 

You can get the domain of the signed in user and apply it as a filter over the table that has the domains.

[Domain] = 
VAR _UPN = USERPRINCIPALNAME()
VAR _Domain = RIGHT(_UPN,LEN(_UPN)-(FIND("@",_UPN,,0)))
RETURN _Domain

jdbuchanan71_0-1656345966342.png

 

Message 2 of 5
1,764 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All