Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
texmexdragon2
Helper V
Helper V

Help with Row Level Security logic

‎01-04-2023 07:39 AM

Hello Community -  

 

I have a request from a sales team to modify our current RLS settings.   They want to add the ability of a sales manager (who is on a different team) to be able to view the sales data from a team that he is not currently a part of.   In my employee dimension table he is only a member of one team...and I don't want to add him to another team as this will cause a duplicate row (for user ID) which is a primary key.     The trick is, they don't want the other team members (to see his data on his current team).  

 

The below logic works to some extent...it allows the sales manager to see all of the "AF" team as well as his own data.   But it also allows for the AF team members to see his data (which is not what they want).   The AF team members should still only see their team data, but the sales manager should see his data and theirs.   

 

How can I modify this to achieve the desired result?   In my example below, the sales manager is "some.name".   

 

[Team] = "AF – North America"  ||  [User Principal Name] = "Some.Name@somewhere.com"

 

 

Labels:
Message 1 of 3
258 Views
0
1 ACCEPTED SOLUTION
texmexdragon2
Helper V
Helper V
In response to v-tangjie-msft

‎01-06-2023 08:54 AM

@v-tangjie-msft     Hi Neeko  -  thank you for the response.   A simple solution was to just add this person to the role (in the Power Bi service) and that seems to be working! 

View solution in original post

Message 3 of 3
195 Views
0
2 REPLIES 2
v-tangjie-msft
Community Support
Community Support

‎01-05-2023 12:13 AM

Hi @texmexdragon2 ,

 

According to my understanding and research of the RLS function, if you have implemented dynamic RLS through the DAX statement writing logic in RLS applied to the value of the user UPN field in the related user table, then each user in the user table is equal, unless you use the If() statement in the DAX expression to separately define the data viewing logic corresponding to the user's role, so for your needs, I think there are only two possibilities to achieve at present:

Define a new role separately for the user "Some.Name@somewhere.com" and write specific data viewing logic
If you have the need to view the data set in full, you can consider directly sharing the "Write" permission of a data set to the user, which can ignore the logic of RLS and allow users to have the permission to view the data set in full, please refer to this document for details:

Dataset permissions - Power BI | Microsoft Learn

 

Best Regards,

Neeko Tang

If this post  helps, then please consider Accept it as the solution  to help the other members find it more quickly. 

Message 2 of 3
202 Views
texmexdragon2
Helper V
Helper V
In response to v-tangjie-msft

‎01-06-2023 08:54 AM

@v-tangjie-msft     Hi Neeko  -  thank you for the response.   A simple solution was to just add this person to the role (in the Power Bi service) and that seems to be working! 

Message 3 of 3
196 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All