Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
sanjanarama
Resolver I
Resolver I

RLS, OLS and Field level security in powerbi

‎03-07-2025 03:43 AM

I have three tables named 

 

User table :

UserIDPermision Set ID
1a
1b
2c
3a
4c

 

 

Object level security table

Permision Set IDtable names
atable1
atable2
atable3
btable2
btable3
ctable4



field level security:

Permision Set IDcolumn access
atable1.name
atable1.address
atable3.ID
btable2.country
btable3.ID
ctable4.fathername

 

 

Please let me know how to implement all three using dynamicallly

sample output when user "1" is viewing the report is :

table4.fathername
rajesh
ramsi
deepak
sudeep
laksmi



Labels:
Message 1 of 9
801 Views
1 ACCEPTED SOLUTION
rohit1991
Super User
Super User

‎03-07-2025 11:41 PM

Hi @sanjanarama,

To dynamically implement Row-Level Security (RLS), Object-Level Security (OLS), and Field-Level Security (FLS) in Power BI, start by defining relationships between the User Table, Object-Level Security Table, and actual data tables based on the Permission Set ID. For RLS, create a role in Manage Roles using a DAX filter like [UserID] = USERPRINCIPALNAME(), ensuring users can only see the data assigned to their Permission Set ID. For OLS, use Tabular Editor to restrict access to entire tables by filtering the Object Level Security Table to check if a table name exists in the user's assigned permissions, dynamically controlling visibility. 

 

To enforce FLS, create a calculated column or dynamic measure that checks if a user has permission to view a specific column, filtering the Field Level Security Table for matching Permission Set IDs and using CONTAINS logic to restrict access dynamically. By applying these techniques, when User 1 logs in, they will only see data related to their permissions, such as the father's name column from Table 4, ensuring secure and dynamic access control in Power BI.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!

View solution in original post

Message 5 of 9
711 Views
0
8 REPLIES 8
V-yubandi-msft
Community Support
Community Support

‎05-08-2025 09:34 AM

Hi @sanjanarama ,

May I ask if you have resolved this issue? If so, please mark the helpful reply and accept it as the solution. This will be helpful for other community members who have similar problems to solve it faster.

Thank you.

Message 9 of 9
481 Views
0
V-yubandi-msft
Community Support
Community Support

‎05-05-2025 04:49 AM

Hi @sanjanarama ,

We haven’t received a response yet and want to ensure the solution met your needs. If you need any further assistance, feel free to reach out we’d be happy to help. If everything is working as expected, kindly mark it as Accepted as solution.

 

Thank You.

Message 8 of 9
501 Views
0
V-yubandi-msft
Community Support
Community Support

‎04-28-2025 04:46 AM

Hi @sanjanarama ,

I hope you had the opportunity to review the solutions shared earlier. If you have any additional questions or need further clarification, please let us know.

 

Additionally, I found a community discussion that might be helpful.
Solved: object level security - Microsoft Fabric Community

 

If there is any post helps, then please consider Accept it as the solution  to help the other members find it more quickly.

 

Regards,

Yugandhar.

Message 6 of 9
546 Views
0
V-yubandi-msft
Community Support
Community Support
In response to V-yubandi-msft

‎05-02-2025 04:34 AM

Hi @sanjanarama ,

Please let us know if your issue is solved. If it is, consider marking the answer that helped 'Accept as Solution', so others with similar queries can find it easily. If not, please share the details.
Thank you.

Message 7 of 9
515 Views
0
rohit1991
Super User
Super User

‎03-07-2025 11:41 PM

Hi @sanjanarama,

To dynamically implement Row-Level Security (RLS), Object-Level Security (OLS), and Field-Level Security (FLS) in Power BI, start by defining relationships between the User Table, Object-Level Security Table, and actual data tables based on the Permission Set ID. For RLS, create a role in Manage Roles using a DAX filter like [UserID] = USERPRINCIPALNAME(), ensuring users can only see the data assigned to their Permission Set ID. For OLS, use Tabular Editor to restrict access to entire tables by filtering the Object Level Security Table to check if a table name exists in the user's assigned permissions, dynamically controlling visibility. 

 

To enforce FLS, create a calculated column or dynamic measure that checks if a user has permission to view a specific column, filtering the Field Level Security Table for matching Permission Set IDs and using CONTAINS logic to restrict access dynamically. By applying these techniques, when User 1 logs in, they will only see data related to their permissions, such as the father's name column from Table 4, ensuring secure and dynamic access control in Power BI.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 5 of 9
712 Views
0
grazitti_sapna
Super User
Super User

‎03-07-2025 04:46 AM

Hi @sanjanarama,

 

Following is one way to dynamically enforce object‐ and field‐level security with your three tables. The basic idea is to implement dynamic row‑level security (RLS) on the basis of the logged-in user and then "join" (through relationships or DAX lookups) the user's allowed permission sets to the object-level and field‑level security tables. For instance, you can establish a connection between your User table and the security tables on "Permission Set ID." Next, create an RLS role that filters the User table based on a DAX expression like:

 

[UserID] = USERPRINCIPALNAME() // or an appropriate mapping to the current user

 

Once that’s in place, you can create measures that check whether a given field should be visible. For instance, to display the values in table4.fathername only if the current user’s permission sets include access to that column (as defined in your Field Level Security table), you could write a measure like:

 

Visible table4 fathername =
IF(
COUNTROWS(
FILTER(
'FieldLevelSecurity',
'FieldLevelSecurity'[Column access] = "table4.fathername" &&
'FieldLevelSecurity'[Permission Set ID] IN VALUES('User'[Permision Set ID])
)
) > 0,
[table4.fathername], // your measure or column from table4
BLANK()
)

 

In this example, if the logged‑in user (via the filtered User table) has a permission set that allows access to “table4.fathername” (for instance, if they belong to permission set “c”), then the measure returns the field’s value; otherwise it returns BLANK(). You can use similar patterns to control which tables (object-level) and which columns (field-level) appear in your report visuals.

 

🌟 I hope this solution helps you unlock your Power BI potential! If you found it helpful, click 'Mark as Solution' to guide others toward the answers they need.
💡 Love the effort? Drop the kudos! Your appreciation fuels community spirit and innovation.
🎖 As a proud SuperUser and Microsoft Partner, we’re here to empower your data journey and the Power BI Community at large.
🔗 Curious to explore more? [Discover here].
Let’s keep building smarter solutions together!

Message 2 of 9
757 Views
sanjanarama
Resolver I
Resolver I
In response to grazitti_sapna

‎03-07-2025 10:21 PM

@grazitti_sapna  how can you do this measure dynamic for all the columns/fields across all the tables? we cannot create each measure for each coulmns

Message 4 of 9
722 Views
0
sanjanarama
Resolver I
Resolver I
In response to grazitti_sapna

‎03-07-2025 05:17 AM

can you send a pbix file, im unable to implement the solution

Message 3 of 9
746 Views

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All