Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
IHOUM
Frequent Visitor

Power BI RLS with organization hierarchy and hide other lines

‎04-22-2024 09:10 AM

Hello,

I would like to implement dynamic Row-Level Security (RLS) based on our organizational hierarchy. I want managers to be able to view the data pertaining to members of their team directly. For other entries, they should appear as "XXXX" alongside the associated values, as illustrated in the picture below.

 

IHOUM_0-1713802070472.png

 

I don't know how to display the other lines like this, any thoughts ? 

 

Message 1 of 4
101 Views
0
1 ACCEPTED SOLUTION
Bipin-Lala
Responsive Resident
Responsive Resident

‎04-22-2024 11:00 AM

Hi @IHOUM,

 

Since you haven't shared what your Power BI Model looks like or what relationships exist between various tables and fields, I am assuming that there must be table mapping managers with their team members.

 

Assuming you implement RLS correctly, then yes, a manager would be able to see the names of their team members, but other employees will get filtered out. Hence you won't be able to display entries with 'XXXXX' and corresponding Nb days, since the data should ideally get filtered out for the specific manager.

 

If you want to display the mask the employees who are not part of the manager's team, I would suggest creating a calculated measure/ column that would check if the members belong to logged in manager's team, otherwise display 'XXXXX'

Display Name = 
IF(
   'Hierarchy'[Manager] = USERNAME(),  -- Check if logged-in user is manager
   'Employee'[Name],                   -- Display actual name if manager
   "XXXX"                               -- Display "XXXX" otherwise
)

With the above DAX, you should be able to mask users that a manager should not be able to view, otherwise they should be able to view the complete data.

 

Let me know if the above fulfills your requirements. If it doesn't, can you please share some more details regarding your question, like table structure, and relationships, or maybe share the pbix file? RLS is suitable in this scenario if you don't want managers to view any data about team members that do not belong to their team, however in your case, we are not filtering the data, but rather masking the data.

All the best!'🙂

View solution in original post

Message 2 of 4
67 Views
0
3 REPLIES 3
Bipin-Lala
Responsive Resident
Responsive Resident

‎04-22-2024 11:00 AM

Hi @IHOUM,

 

Since you haven't shared what your Power BI Model looks like or what relationships exist between various tables and fields, I am assuming that there must be table mapping managers with their team members.

 

Assuming you implement RLS correctly, then yes, a manager would be able to see the names of their team members, but other employees will get filtered out. Hence you won't be able to display entries with 'XXXXX' and corresponding Nb days, since the data should ideally get filtered out for the specific manager.

 

If you want to display the mask the employees who are not part of the manager's team, I would suggest creating a calculated measure/ column that would check if the members belong to logged in manager's team, otherwise display 'XXXXX'

Display Name = 
IF(
   'Hierarchy'[Manager] = USERNAME(),  -- Check if logged-in user is manager
   'Employee'[Name],                   -- Display actual name if manager
   "XXXX"                               -- Display "XXXX" otherwise
)

With the above DAX, you should be able to mask users that a manager should not be able to view, otherwise they should be able to view the complete data.

 

Let me know if the above fulfills your requirements. If it doesn't, can you please share some more details regarding your question, like table structure, and relationships, or maybe share the pbix file? RLS is suitable in this scenario if you don't want managers to view any data about team members that do not belong to their team, however in your case, we are not filtering the data, but rather masking the data.

All the best!'🙂

Message 2 of 4
68 Views
0
IHOUM
Frequent Visitor
In response to Bipin-Lala

‎04-24-2024 02:06 AM

Hi @Bipin-Lala ,

 

Thank you for your solution. 

It is working really well with a measure but calculated column doesn't support dyanmic fields like USERNAME().

 

Message 3 of 4
50 Views
0
Bipin-Lala
Responsive Resident
Responsive Resident
In response to IHOUM

‎04-24-2024 08:22 AM

Hi @IHOUM,

 

Ahh, yes, that's absolutely correct. Calculated Columns are computed only once when the model is loaded/ dataset is refreshed and aren't dynamic as measures, and thus functions like USERNAME() and USERPRINCIPALNAME() will work with measures only. My bad!

Hope the solution is working as per your expectations! All the best!

Message 4 of 4
40 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All