Solved: New to RLS

MyWeeLola · ‎05-02-2024

I have created 3 roles in the desktop application. Each role is based on a domain to search for their employees.

I can see how to enter individuals' names in the security service and apply them to a role, however in that section I want to add an email domain in there.

for example '@microsoft.com' goes to role 1

'@google.com, goes to role 2 etc

How do I achieve this

Finally, how do I add a rule for people who do not use one of the target email domain so that they get no view?

I look forward to hearing from you and getting any advice.

cheers

Lola

v-cgao-msft · ‎05-02-2024

Hi @MyWeeLola ,

Based on your description, and the solution provided by Miguel, I created a pbix file for your reference.
This RLS is dynamic, it will dynamically filter the table based on the current user's userprincipalname, and return the empty set when there is a user that is not in the contained domain.

Note that a Role RLS that has Edit or higher permissions on the semantic model will not take effect, so these users need to be assigned as Viewers.

Power BI implementation planning: Report consumer security planning - Power BI | Microsoft Learn

Best Regards,
Gao
Community Support Team

If there is any post helps, then please consider Accept it as the solution to help the other members find it more quickly.
If I misunderstand your needs or you still have problems on it, please feel free to let us know. Thanks a lot!

How to get your questions answered quickly -- How to provide sample data in the Power BI Forum -- China Power BI User Group

View solution in original post

MFelix · ‎05-02-2024

Hi @MyWeeLola ,

For this you need to make the selection of the name and then compare the last part of the USERPRINCIPALNAME()

If you add something similar to the rule below you should get what you need:

RIGHT(USERPRINCIPALNAME(),LEN(USERPRINCIPALNAME()) - SEARCH("@", USERPRINCIPALNAME())) = "microsoft.com"

This should give you the true statment for the filtering.

Regards

Miguel Félix

Did I answer your question? Mark my post as a solution!

Proud to be a Super User!

Check out my blog: Power BI em Português

MyWeeLola · ‎05-02-2024

@MFelix Thank you for replying. I think that either I am misunderstanding your response or I have not entered what I need correctly

I have a table with a column which has companies, Apple, Banana and Chocolate.

I have created a role called Apple, which filters my table and only shows Apple, I've created 2 other roles, one for Banana and one for Chocolate. I did this under manage roles in the desktop version.

I have now uploaded that to my workspace and then in the security section, I want someone with the username @Apple.com to be placed in the first security role, and so forth. The code you send me extracts the domain name in the desktop version, how do I apply that in the service? Essential, all I want is for someone with xxx@apple.com to only see the filtered Apple information or xxx@banana.com to only see the filtered banana. Does that make sense?

Thank you for being patient with my response