Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
ptmuldoon
Resolver I
Resolver I

How to setup RLS with mutiple filters?

‎12-10-2024 08:41 AM

I am revisiting (not quite starting from scratch) in working to rebuild a data model, and trying better to understand and use RLS.  Currently this is in desktop, but the model will also likely get rebuilt later in PBI service.

 

I am trying to set this up and design so that based on the UPN of the user, when the user views the model, they should get filtered down into 3 main criteria.

 

1. Filter the Companies/Divisions based on the Group they belong to.

2. Filter the Departments they are allowed to see (ie, Sales, Marketing, etc.)

3. Filter the COA for the appropriate access (ie, Revenue Only, Expense Only, No Labor, etc.)

 

I've created a sample file trying to getting this started creating various tables and 'lists' for each, and think i'm on the correct path but unsure just yet.  The model look likes below, all using 1 to many relationships.  And I've created a Role filtering the User email to the UPN.   It's just those next steps I think I need to better learn and understand?

 

I'm not sure if I can attach the sample, but have placed it here as well if anyone can help.

 

https://drive.google.com/file/d/1xH3Vc4PncX_FEEgLbnGIzvSF-Tlk2qve/view?usp=sharing

 

ptmuldoon_0-1733848470646.png

 

 

Labels:
Message 1 of 5
449 Views
0
4 REPLIES 4
ptmuldoon
Resolver I
Resolver I

‎12-12-2024 10:33 AM

So I've updated my Sample file here below, and feel like I'm pretty close now in getting this to work as I would like.

 

https://drive.google.com/file/d/1xH3Vc4PncX_FEEgLbnGIzvSF-Tlk2qve/view?usp=sharing

 

I was able to setup the RLS where based on the UPN, I have this:

 

Filtering Correctly to get the Correct 'Regions', Departments', and 'Account Types'.  But I haven't figure out quire the last piece, and this filtering the actual GL Accounts to then only show the correct accounts for those departments.  

 

I'm not sure I need to add additional RLS into the Role (in the GLAccountLIsts)?  Or I need to do additional with the relationships.

 

I ended up using this RLS on each of my DeptGroups, SiteGroups, and GLAccountGroup tables.

[DeptGroupID] IN SELECTCOLUMNS(
    FILTER(
        Users,
        Users[Email]=USERPRINCIPALNAME()
    ),
    "DeptGroupID"
    ,[DeptGroupID]
)
Message 4 of 5
343 Views
0
Anonymous
Not applicable
In response to ptmuldoon

‎12-17-2024 12:02 AM

Hi @ptmuldoon

 

Belated reply.

 

If you need to combine multiple filters, you can use logical operators in the DAX expression. You can try, for example:

 

[DeptGroupID] IN SELECTCOLUMNS(
    FILTER(
        Users,
        Users[Email] = USERPRINCIPALNAME()
    ),
    "DeptGroupID",
    [DeptGroupID]
) &&
[AccountType] IN SELECTCOLUMNS(
    FILTER(
        Users,
        Users[Email] = USERPRINCIPALNAME()
    ),
    "AccountType",
    [AccountType]
)

 

Regards,

Nono Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 5 of 5
319 Views
ptmuldoon
Resolver I
Resolver I

‎12-11-2024 08:01 AM

Hi @Anonymous 

 

I've made some progress with that.  But do you know if there is away to possible pass a comma separate list into an IN statement?

 

VAR Departments = "Administration, Maintenance"

RETURN
DeptLists[DeptGroupName] IN {Departments}

 

Message 3 of 5
363 Views
0
Anonymous
Not applicable

‎12-10-2024 06:19 PM

Hi @ptmuldoon 

 

Please try:

 

Filter Companies/Divisions Based on Group:
Ensure your Users table has a field that links to the DeptGroups table.
Create a relationship between Users and DeptGroups using the DeptGroupID.


In your RLS role, use a DAX filter like:

[DeptGroupID] = LOOKUPVALUE(DeptGroups[DeptGroupID], DeptGroups[DeptGroupName], USERPRINCIPALNAME())

 

Filter Departments:
Ensure your Users table has a field that links to the DeptLists table.
Create a relationship between Users and DeptLists using a common field like SuffixUPNName.


In your RLS role, use a DAX filter like:

[Departments] IN VALUES(DeptLists[Departments])

 

Filter COA for Appropriate Access:
Ensure your Users table has a field that links to the AccountsLists table.
Create a relationship between Users and AccountsLists using a common field like SuffixUPNName.


In your RLS role, use a DAX filter like:

[AccountType] IN VALUES(AccountsLists[AccountType])

 

Implementing RLS in Power BI Desktop:
Go to the "Modeling" tab and select "Manage Roles".
Create a new role and add the DAX filters for each table as described above.
Test the roles by using the "View as Roles" feature to ensure the data is filtered correctly.

 

Publishing to Power BI Service:
When you publish your model to the Power BI Service, the RLS roles will be carried over.
Assign users to the roles in the Power BI Service under the dataset's security settings.

 

Regards,

Nono Chen

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 5
383 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All