Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Try your skills in the Power BI Dataviz World Championship! Round one ends June 26. Join now

Reply
jimrosser
Helper III
Helper III

RLS Hierarchy - Give some Managers unrestricted access

‎08-23-2024 07:59 AM

I have set up RLS path hierarchy for my organization and it reacts well.  However I'd like for CFO & CEO users to have access to all records how can I achieve this?  My model is much bigger than this but is shortened for example.

 

Employee IDEmployeeAD AccountManager IDMN
1Employee1Employee1@cnn.com CEO
2Employee2Employee2@cnn.com CFO
3Employee3Employee3@cnn.com1 
4Employee4Employee4@cnn.com3 
5Employee5Employee5@cnn.com3 
6Employee6Employee6@cnn.com2 
7Employee7Employee7@cnn.com6 
8Employee8Employee8@cnn.com5 
9Employee9Employee9@cnn.com2 
Labels:
Message 1 of 5
514 Views
0
4 REPLIES 4
Syndicate_Admin
Administrator
Administrator

‎08-23-2024 08:31 AM

Can you provide a view of your roles?

I have solved these issues by creating a role without any conditions. Then assign admin users in the published report

Message 2 of 5
493 Views
0
jimrosser
Helper III
Helper III
In response to Syndicate_Admin

‎08-23-2024 08:55 AM

@Syndicate_Admin - I don't really have any roles established, just the hierarchy of who reports to which users.  below is my security role filter:

PATHCONTAINS([Hierarchy Path], [Current User ID]) = TRUE
 
I'm thiking that if I were to place in the filter equaling CFO or CEO then it would allow for all access to users in the table.
Employee IDEmployeeAD AccountManager IDRole
1Employee1Employee1@cnn.com CEO
2Employee2Employee2@cnn.com CFO
3Employee3Employee3@cnn.com1 
4Employee4Employee4@cnn.com3 
5Employee5Employee5@cnn.com3 
6Employee6Employee6@cnn.com2 
7Employee7Employee7@cnn.com6 
8Employee8Employee8@cnn.com5 
9Employee9Employee9@cnn.com2 
Message 3 of 5
484 Views
0
jimrosser
Helper III
Helper III
In response to jimrosser

‎08-23-2024 12:41 PM

i saw some stuff about creating a column with super user indicated with a1 or 0 but am having a hard

IF(
    LOOKUPVALUE(
        data987654[Super User],
        data987654[AD Account],USERPRINCIPALNAME())=1,
    true(),
    PATHCONTAINS([Hierarchy Path], [Current User ID]) = TRUE)

time getting it to work with my hierarchy

Message 4 of 5
465 Views
0
Anonymous
Not applicable
In response to jimrosser

‎08-25-2024 11:42 PM

Hello,@Syndicate_Admin,thanks for your concern about this issue.

Your answer is excellent!
And I would like to share some additional solutions below.
Hi,@jimrosser .I am glad to help you.

I think you can create different rls roles by using this measure you wrote as a filter condition
When measure = True, then it means CEO, no dax constraints are set at this time.
i.e. True, otherwise it is a normal employee, applying the corresponding RLS logic restrictions as normal.
To set up row-level security (RLS) for a role like administrator or CEO to be able to view all data, you can use a simple DAX expression to ensure that the role does not have any filter constraints
like this.


IF(measure =TRUE(),
True(),
Other judgment logic...)

 

I hope my suggestions give you good ideas, if you have any more questions, please clarify in a follow-up reply.

Best Regards,

Carson Jian,

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 5 of 5
421 Views
0

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All