Get certified for free when you join Fabric Data Days 2026 and dive into Fabric, Power BI, SQL, AI, and other essential data skills.
Join nowJuly 7 - July 17 | Round 2 of the Power BI Dataviz World Championships. Don't miss your chance! Learn more
Is it possible to make Object Level Security dynamic so that instead of having to place each user into a role manually, it can use DAX to determine if a user should or should not see an object OR if the user should or should not be placed into a role? Like how RLS is handled dynamically via DAX.
It appears that the only way to deny (or grant) access to columns or objects for a user is to set the permissions in the role and then manually add the user (or a group the user is in) to that role.
Meaning that if the user's permissions to view objects changes I would have to go back and update each model's role assignment or AD group.
Solved! Go to Solution.
Hi, @OneWithQuestion
As of now , powerbi doesn't support dynamic object level Security.
Not to be confused with row-level security, OLS does not simply hide rows of data from end users. Instead, OLS hides the entire table or column\measure.
Dynamic Rls must need a user table which contains a field like "email-work" .Then you can use Table[column =]UserPrincipalName() to filter related tables' row data ( manage roles ->roles->table-> table filter expression)
The essence is that dax obtains the currently logged-in user to filter the table row data.
Dax can be used to filter tables' row data in each table filter expression but it cannot be used to filter the tables\Table columns and measures in the model. So it is hard to make Object Level Security dynamic (data filtered by current email address )
Best Regards,
Community Support Team _ Eason
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Microsoft says that at present there are no plans to make Object Level Security dynamic.
Microsoft says that at present there are no plans to make Object Level Security dynamic.
Hi, @OneWithQuestion
Could you please tell me whether your problem has been solved?
For now, there is no content of description in the thread. If you still need help, please share more details to us.
Best Regards,
Community Support Team _ Eason
Hi, @OneWithQuestion
As of now , powerbi doesn't support dynamic object level Security.
Not to be confused with row-level security, OLS does not simply hide rows of data from end users. Instead, OLS hides the entire table or column\measure.
Dynamic Rls must need a user table which contains a field like "email-work" .Then you can use Table[column =]UserPrincipalName() to filter related tables' row data ( manage roles ->roles->table-> table filter expression)
The essence is that dax obtains the currently logged-in user to filter the table row data.
Dax can be used to filter tables' row data in each table filter expression but it cannot be used to filter the tables\Table columns and measures in the model. So it is hard to make Object Level Security dynamic (data filtered by current email address )
Best Regards,
Community Support Team _ Eason
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Join us in Barcelona for FabCon and SQLCon, the Fabric, Power BI, SQL, and AI community event. Save €200 with code FABCMTY200.
Join Fabric Data Days 2026: 60 days of free live/on-demand sessions, challenges, study groups, and certification opportunities.
| User | Count |
|---|---|
| 22 | |
| 20 | |
| 14 | |
| 13 | |
| 13 |
| User | Count |
|---|---|
| 63 | |
| 41 | |
| 40 | |
| 39 | |
| 38 |