Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
Jaydo44
New Member

RLS - External User ID format

‎02-13-2023 05:07 AM

Hello, dears,

 

I need your support with RLS's various external user ID formats.
Indeed, I can see the following with only a few cases. When implementing the RLS in the PBI desktop, using the userprincipalname() function in the dax formula, I figured out that this function returns various cases (I speak only about external users😞

  • Either "firstname.lastname@domain.com"
  • Or "live.com#firstname.lastname@domain.com"
  • Or "firstname.lastname_domain.com#EXT#@company.onmicrosoft.com"

I based the filter on what we get from the Azure AD, which is not working because of the three cases already experienced (maybe there are more).

My question is simple:

How to deal with it?

Does it depend on how the invitation is sent to the external user from the Azure AD? For example, does it depend on the fact that the external id has a Microsoft account? Does it depend only on the external user domain (Gmail, Yahoo, etc.)?

I know that the question is quite broad, but maybe your experience can help, and I thank you in advance.

Labels:
Message 1 of 3
497 Views
0
2 REPLIES 2
Jaydo44
New Member

‎02-20-2023 01:18 AM

Hi Sheng,

 

Actually, I continued the investigation, alone and with Microsoft support. I think I'm close to the solution.


My first worries was to identify the different format of User ID. 
It seems that the prefix may vary, and the suffix (with #EXT#) is only used to test role in PBI Service.
But whatever the context, the best would be to remove the prefix or the suffix.

So I'm working on a new RLS dax formula that would extract either the left part of the User ID to remove the prefix (when the ext user logs in with such a prefix for instance), or to remove the right side of the User ID to test role in PBI service. 
For the other cases (to test the role with "view as" in PBI desktop, you can enter whatever you want).
The formula would look like:

[user] = RIGHT(SUBSTITUTE(userprincipalname(),"#","-"),LEN(SUBSTITUTE(userprincipalname(),"#","-"))- SEARCH("-", SUBSTITUTE(userprincipalname(),"#","-") ,1,0))||[user] = userprincipalname()|| [user] = SUBSTITUTE(PATHITEM(SUBSTITUTE(USERPRINCIPALNAME(),"#","|"),1),"_","@").

I think we can accept this answer as solution for this question.

Message 3 of 3
435 Views
Anonymous
Not applicable

‎02-14-2023 06:16 PM

Hi @Jaydo44,

Perhaps you can add some if statement to check if current account is an external account(the account include #EXT#), then you can remove the right part(#EXT#@company.onmicrosoft.com) and replace domain part string(_domain.com) to the normal domain(@domain.com) to apply RLS filter.

Regards,

Xiaoxin Sheng

Message 2 of 3
478 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All