Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
yoismelp
Frequent Visitor

Power BI Global Role Level Security

‎01-16-2022 07:22 PM

To any one reading this, I was wondering if you have come to a situation where you implement RLS on all of your reports (let say about 30). The RLS is set so that users assigned to site A Active Directory (AD) group can only see data for site A, users assigned to site B (AD) group can only see data for site B, and so on. For example, let say I have a fact table for Sites and I create RLS on this table and my RLS are:


SiteA --> filter created is --> [site] = A

SiteB --> filter created is --> [site] = B

 

The issue now is that when a new sites C, D, and so on are open, then all reports need to be updated to add a new RLS and corresponding assignments need to be done in the portal. For example:

 

SiteC --> filter created is --> [site] = C

SiteD --> filter created is --> [site] = D

 

Is there any good solution for something like this where each report won't need to be updated everytime a new site is added? I am looking for a way to set global RLS for all the reports in my environment or something that could work similar to this. If it exists, I am not aware of it.
Thanks in advanced for your feedback.

Labels:
Message 1 of 3
899 Views
0
1 ACCEPTED SOLUTION
amitchandak
Super User
Super User

‎01-17-2022 12:16 AM

@yoismelp . Have you create a table like

Site - Email and joined it with fact table  (many to many bi-direction is fine too)

 

and then create a role with filter

[Email] = userprincipalname()

 

I think this approach should work

 

Assign this role to a security group

 

 

How to use Row Level Security (RLS): https://youtu.be/NfdIA0uS6Nk

Join us as experts from around the world come together to shape the future of data and AI!
At the Microsoft Analytics Community Conference, global leaders and influential voices are stepping up to share their knowledge and help you master the latest in Microsoft Fabric, Copilot, and Purview.
️ November 12th-14th, 2024
 Online Event
Register Here

View solution in original post

Message 2 of 3
839 Views
2 REPLIES 2
amitchandak
Super User
Super User

‎01-17-2022 12:16 AM

@yoismelp . Have you create a table like

Site - Email and joined it with fact table  (many to many bi-direction is fine too)

 

and then create a role with filter

[Email] = userprincipalname()

 

I think this approach should work

 

Assign this role to a security group

 

 

How to use Row Level Security (RLS): https://youtu.be/NfdIA0uS6Nk

Join us as experts from around the world come together to shape the future of data and AI!
At the Microsoft Analytics Community Conference, global leaders and influential voices are stepping up to share their knowledge and help you master the latest in Microsoft Fabric, Copilot, and Purview.
️ November 12th-14th, 2024
 Online Event
Register Here
Message 2 of 3
840 Views
yoismelp
Frequent Visitor
In response to amitchandak

‎01-17-2022 03:27 PM

@amitchandak , this helped. Thank you very much! I am glad I had a Power Automate job pushing the Azure AD data to SQL.
With that, I created a dataflow table (my users-sites table as you suggested) and now I can use that in all of our reports and when an update is needed, now we just need to update the dataflow. However, do you know if there is an easy way to get the AD data into Power BI without copying the data to SQL first so the PBI does not rely on this flow? 

Message 3 of 3
803 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All