Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft is giving away 50,000 FREE Microsoft Certification exam vouchers. Get Fabric certified for FREE! Learn more

Reply
Anonymous
Not applicable

Multi-level many-to-many dynamic RLS

‎03-17-2022 08:16 AM

Hello everyone!

 

I would like to define 3 roles of RLS: Director, Manager and Seller. Here is sample file: https://www.dropbox.com/s/93hwf2lsfe28wlj/example.pbix?dl=0

 

So, the problem is: Director can see all transactions based on Level 1 (e.g. Electronics). Manager can see transactions based on Level 2 (e.g. Bikes) and Seller can only see transactions on Level 3 (e.g. Mountain Bikes).

 

Can you, please, help me how to do it? I have tried a lot of things from the communitry, but nothing really solved the whole problem.

 

Thank you in advance!

Message 1 of 5
985 Views
0
1 ACCEPTED SOLUTION
jdbuchanan71
Super User
Super User

‎03-17-2022 08:44 AM

@Anonymous 

First disconnect the Sellers table from the Departments table, that link is not needed.

Then you will create the three roles that read the correct field from the Sellers table and applies the filter too the Departments table.

Director:

VAR _UPN = USERPRINCIPALNAME()
RETURN
Departments[Level 1] IN
    CALCULATETABLE ( 
        DISTINCT ( Sellers[Level 1] ), 
        Sellers[PrincipalName] = _UPN
    )

Manager:

VAR _UPN = USERPRINCIPALNAME()
RETURN
Departments[Level 2] IN
    CALCULATETABLE ( 
        DISTINCT ( Sellers[Level 2] ), 
        Sellers[PrincipalName] = _UPN
    )

Seller:

VAR _UPN = USERPRINCIPALNAME()
RETURN
Departments[Level 3] IN
    CALCULATETABLE ( 
        DISTINCT ( Sellers[Level 3] ), 
        Sellers[PrincipalName] = _UPN
    )

 Then you assign the users to the correct role.  When they log in, RLS will get their USERPRINCIPALNAME(), figure out what role they are in an apply the filtering.  You can test this using the 'View as' in PowerBI desktop.  You pick the user and the role.  This replicates what that user would see if they were assigned to that role.

jdbuchanan71_0-1647531769096.png

I have attached my updated version of your file for you to look at.

 

View solution in original post

Multi-level many-to-many dynamic RLS.pbix
Message 2 of 5
932 Views
0
4 REPLIES 4
jdbuchanan71
Super User
Super User

‎10-14-2022 11:56 AM

@Anonymous 

The way to do that is to use active directory security groups.  You assign the security group to the role then any user you add to the security group will get that role's permissions.

Message 5 of 5
767 Views
0
Anonymous
Not applicable

‎03-17-2022 09:57 AM

@jdbuchanan71 thank you!

Message 4 of 5
920 Views
0
jdbuchanan71
Super User
Super User

‎03-17-2022 08:44 AM

@Anonymous 

First disconnect the Sellers table from the Departments table, that link is not needed.

Then you will create the three roles that read the correct field from the Sellers table and applies the filter too the Departments table.

Director:

VAR _UPN = USERPRINCIPALNAME()
RETURN
Departments[Level 1] IN
    CALCULATETABLE ( 
        DISTINCT ( Sellers[Level 1] ), 
        Sellers[PrincipalName] = _UPN
    )

Manager:

VAR _UPN = USERPRINCIPALNAME()
RETURN
Departments[Level 2] IN
    CALCULATETABLE ( 
        DISTINCT ( Sellers[Level 2] ), 
        Sellers[PrincipalName] = _UPN
    )

Seller:

VAR _UPN = USERPRINCIPALNAME()
RETURN
Departments[Level 3] IN
    CALCULATETABLE ( 
        DISTINCT ( Sellers[Level 3] ), 
        Sellers[PrincipalName] = _UPN
    )

 Then you assign the users to the correct role.  When they log in, RLS will get their USERPRINCIPALNAME(), figure out what role they are in an apply the filtering.  You can test this using the 'View as' in PowerBI desktop.  You pick the user and the role.  This replicates what that user would see if they were assigned to that role.

jdbuchanan71_0-1647531769096.png

I have attached my updated version of your file for you to look at.

 

Multi-level many-to-many dynamic RLS.pbix
Message 2 of 5
933 Views
0
Anonymous
Not applicable
In response to jdbuchanan71

‎10-14-2022 10:48 AM

how do you also make the role assignment dynamic... i.e. the fact that Hoegart is a director is currently manual... you would need to factor in a table or field that drives a role identification and automatically assigns the filtering level... can you show an extended example?

Message 3 of 5
777 Views
0

Helpful resources

Announcements
March PBI video - carousel

Power BI Monthly Update - March 2025

Check out the March 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All