The ultimate Microsoft Fabric, Power BI, Azure AI, and SQL learning event: Join us in Stockholm, September 24-27, 2024.
Save €200 with code MSCUST on top of early bird pricing!
Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
Hello,
Overview: I created a report which uses Path function to get the org hierarchy structure and based on that I created a User role with the below dax formula:
pathcontains([path],userprincipalname()) && [EMAIL_ADDR] <> userprincipalname()
This allows the user to see data only under his org.
Problem: There are few users at CEO level who may or may not open this report even though they have access but have their Chief of Staff to view the report for them. I have the manual list of such users which I can import.
Question: How do I incorporate another condition in the above dax query to allow proxy users (Chief of staff) to access the report only for their corresponding CEO's?
thank you!
Solved! Go to Solution.
I was able to find a solution.
It works perfectly!
I was able to find a solution.
It works perfectly!
That sounds more like static RLS. In dynamic RLS scenarios you usually have a mapping table that list all permissions for each user separately, and allows you to handle such proxy scenarios with ease.
I want the dynamic rls to be still in-tact. So perhaps create a separate report for proxy users and apply static rls. Do you have any document I can follow to execute this?
That's what I am saying - go full dynamic RLS. Have a reference table with all the permissions for all the users.
I'm sorry, I'm not following. Currently I have created one role as "User" with the below formula:
pathcontains([path],userprincipalname()) && [EMAIL_ADDR] <> userprincipalname()
query for path is simple = path(EMAIL_ADDR, manager_email)
Access is provided only to leadership roles. but for some leaders, we want to provide access to their chief of staff (proxy users) to view the report on their behalf if they are not able to for some reason.
How do I embed this additional condition to the dax for the role created?
or shall I create another role for proxy users?
What you are doing is not dynamic RLS. It's something in between. Dynamic RLS maps a USERPRINCIPALNAME() to a reference table that holds all permissions.
Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.
Check out the August 2024 Power BI update to learn about new features.
Learn from experts, get hands-on experience, and win awesome prizes.
User | Count |
---|---|
108 | |
82 | |
77 | |
46 | |
39 |
User | Count |
---|---|
137 | |
108 | |
69 | |
64 | |
53 |