Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
Anonymous
Not applicable

Dynamic Row Level Security Based On Multiple Fields

‎08-04-2022 07:50 AM

I have a dataset that looks like this:

alindquist_0-1659624089496.png

Each transaction has a territory code and a bill to code, and each of those codes has a user associated. In this example, territory or bill to code NAP1 is associated with user 1, territory or bill to code NAP2 is associated with user 2, and territory or bill to code is associated with user 3.

 

I need to implement dynamic row level security as follows:

  • If the territory code OR the bill to code begins with "NAP", any associated user should have access to the data
  • If the territory code OR the bill to code begins with anything else, the user associated with that code should have access to the data

In this example, users 1 and 2 both are associated with codes beginning with NAP so they should both see all rows where territory or bill to code begins with NAP. Or in other words, they should both see all transactions except 9 and 12. User 3 should only see transactions 3, 7, 9, 10, 11, and 12.

 

I created a sample .pbix file that you can download here.

Labels:
Message 1 of 5
2,131 Views
0
4 REPLIES 4
lbendlin
Super User
Super User

‎08-05-2022 04:29 PM

When you say dynamic RLS do you mean dynamic RLS as in "based on USERPRINCIPALNAME mapping"  or do you mean "roles per user with rules that include OR statements"  ?

Message 2 of 5
2,097 Views
0
Anonymous
Not applicable
In response to lbendlin

‎08-08-2022 06:50 AM

@lbendlin I need to use USERPRINCIPALNAME() to base the security on the user who is logged in. The rule also needs to consider both the territory code and the bill to code, so it will probably require an OR statement.

Message 3 of 5
2,065 Views
0
lbendlin
Super User
Super User
In response to Anonymous

‎08-08-2022 11:22 AM

user = USERPRINCIPALNAME() || Left([Territory Code]="NAP" || Left ([bill to code]="NAP"

Message 4 of 5
2,058 Views
Anonymous
Not applicable
In response to lbendlin

‎08-08-2022 11:58 AM

I couldn't get that to work. However, I was able to figure out a solution that works. First I added two custom columns to the data model like this:

 

TerritoryRLSCode = if Text.StartsWith([Territory Code], "NAP") then Text.Start([Territory Code], 3) else [Territory Code]

BillToRLSCode = if Text.StartsWith([Bill To Code], "NAP") then Text.Start([Bill To Code], 3) else [Bill To Code]

 

Then I created a new role with the following logic:

 

OR(
'Table'[TerritoryRLSCode] IN SELECTCOLUMNS(
FILTER('Table', 'Table'[Territory Email] = USERPRINCIPALNAME()),
"TerritoryRLSCode",
[TerritoryRLSCode]
),
'Table'[BillToRLSCode] IN SELECTCOLUMNS(
FILTER('Table', 'Table'[Bill To Email] = USERPRINCIPALNAME()),
"BillToRLSCode",
[BillToRLSCode]
))

 

I'm sure there's a better way to accomplish this, but it does work as expected. Here's a link to the .pbix of my solution

Message 5 of 5
2,055 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

November Power BI Update Carousel

Power BI Monthly Update - November 2025

Check out the November 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All