Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
IHOUM
Frequent Visitor

Power BI RLS with organization hierarchy and hide other lines

‎04-22-2024 09:10 AM

Hello,

I would like to implement dynamic Row-Level Security (RLS) based on our organizational hierarchy. I want managers to be able to view the data pertaining to members of their team directly. For other entries, they should appear as "XXXX" alongside the associated values, as illustrated in the picture below.

 

IHOUM_0-1713802070472.png

 

I don't know how to display the other lines like this, any thoughts ? 

 

Message 1 of 4
247 Views
0
1 ACCEPTED SOLUTION
Bipin-Lala
Super User
Super User

‎04-22-2024 11:00 AM

Hi @IHOUM,

 

Since you haven't shared what your Power BI Model looks like or what relationships exist between various tables and fields, I am assuming that there must be table mapping managers with their team members.

 

Assuming you implement RLS correctly, then yes, a manager would be able to see the names of their team members, but other employees will get filtered out. Hence you won't be able to display entries with 'XXXXX' and corresponding Nb days, since the data should ideally get filtered out for the specific manager.

 

If you want to display the mask the employees who are not part of the manager's team, I would suggest creating a calculated measure/ column that would check if the members belong to logged in manager's team, otherwise display 'XXXXX'

Display Name = 
IF(
   'Hierarchy'[Manager] = USERNAME(),  -- Check if logged-in user is manager
   'Employee'[Name],                   -- Display actual name if manager
   "XXXX"                               -- Display "XXXX" otherwise
)

With the above DAX, you should be able to mask users that a manager should not be able to view, otherwise they should be able to view the complete data.

 

Let me know if the above fulfills your requirements. If it doesn't, can you please share some more details regarding your question, like table structure, and relationships, or maybe share the pbix file? RLS is suitable in this scenario if you don't want managers to view any data about team members that do not belong to their team, however in your case, we are not filtering the data, but rather masking the data.

All the best!'🙂




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


Regards,

Bipin Lala | Business Intelligence Developer



View solution in original post

Message 2 of 4
213 Views
0
3 REPLIES 3
Bipin-Lala
Super User
Super User

‎04-22-2024 11:00 AM

Hi @IHOUM,

 

Since you haven't shared what your Power BI Model looks like or what relationships exist between various tables and fields, I am assuming that there must be table mapping managers with their team members.

 

Assuming you implement RLS correctly, then yes, a manager would be able to see the names of their team members, but other employees will get filtered out. Hence you won't be able to display entries with 'XXXXX' and corresponding Nb days, since the data should ideally get filtered out for the specific manager.

 

If you want to display the mask the employees who are not part of the manager's team, I would suggest creating a calculated measure/ column that would check if the members belong to logged in manager's team, otherwise display 'XXXXX'

Display Name = 
IF(
   'Hierarchy'[Manager] = USERNAME(),  -- Check if logged-in user is manager
   'Employee'[Name],                   -- Display actual name if manager
   "XXXX"                               -- Display "XXXX" otherwise
)

With the above DAX, you should be able to mask users that a manager should not be able to view, otherwise they should be able to view the complete data.

 

Let me know if the above fulfills your requirements. If it doesn't, can you please share some more details regarding your question, like table structure, and relationships, or maybe share the pbix file? RLS is suitable in this scenario if you don't want managers to view any data about team members that do not belong to their team, however in your case, we are not filtering the data, but rather masking the data.

All the best!'🙂




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


Regards,

Bipin Lala | Business Intelligence Developer



Message 2 of 4
214 Views
0
IHOUM
Frequent Visitor
In response to Bipin-Lala

‎04-24-2024 02:06 AM

Hi @Bipin-Lala ,

 

Thank you for your solution. 

It is working really well with a measure but calculated column doesn't support dyanmic fields like USERNAME().

 

Message 3 of 4
196 Views
0
Bipin-Lala
Super User
Super User
In response to IHOUM

‎04-24-2024 08:22 AM

Hi @IHOUM,

 

Ahh, yes, that's absolutely correct. Calculated Columns are computed only once when the model is loaded/ dataset is refreshed and aren't dynamic as measures, and thus functions like USERNAME() and USERPRINCIPALNAME() will work with measures only. My bad!

Hope the solution is working as per your expectations! All the best!




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


Regards,

Bipin Lala | Business Intelligence Developer



Message 4 of 4
186 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All