March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Currently I have a working report with RLS. I am using emails for the security for users accessing through Power BI Service. My RLS Table has names, divisions they can have access to, and emails for the columns, and flows through a division table to the master data - when someone logs on, they are allowed to see the divisions that are in the column next to their email in the RLS linked table (excel file for ease up update). If they have multiple divisions they can have access to, their name/email will appear on multiple rows, on for each division they shold be ablt to access. Works perfectly currently.
I have been asked to also restrict data from a specific account - right now a user can see all accounts in a division they have access to. My guess on how to build this would be to create an account table similar to the division table, as well as add another column in the RLS table to link to the account table and have the RLS flow though it to the main data - if a user does not meet both, they will see nothing.
My concern is that I have been asked to exclude 1 account from 4 divisions out of 11, and there are 114 accounts, and about 50 users. If I have to replicate a row for every user for every account, the RLS file will become unmanageable.
Is there an easier way to restrict one account from 4 divisions in RLS?
That would be amazing.
I've updated the RLS table as you suggested, so that users/emails in the 4 divisions have the account name in a 4th column called "Excluded Accounts"
Is this RLS DAX code for the RLS filter in Manage Roles after 1 [Email] == USERPRINCIPALNAME()?
You could build it out as an excluded account.
RLS Table Example:
Email Division ExcludedAccount
user1@example.com | Division1 | AccountA |
user1@example.com | Division2 | |
user2@example.com | Division3 | AccountA |
user2@example.com | Division4 | |
user3@example.com | Division1 |
RLS DAX Filter
[Division] IN VALUES(RLS[Division]) &&
(
ISBLANK(RLS[ExcludedAccount]) ||
NOT ([Account] = RLS[ExcludedAccount] && [Division] IN {"Division1", "Division2", "Division3", "Division4"})
)
I am getting the error: The synatax for '[Division]' is incorrect
Here is what I have in the Manage Security Roles DAX editor for the role I created on the RLS table
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!
Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.
Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.
User | Count |
---|---|
128 | |
90 | |
75 | |
56 | |
53 |
User | Count |
---|---|
200 | |
104 | |
101 | |
67 | |
55 |