Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now

Reply
z-rising
Frequent Visitor

RLS Security with 2 categories / restrictions

Currently I have a working report with RLS.  I am using emails for the security for users accessing through Power BI Service.  My RLS Table has names, divisions they can have access to, and emails for the columns, and flows through a division table to the master data - when someone logs on, they are allowed to see the divisions that are in the column next to their email in the RLS linked table (excel file for ease up update).  If they have multiple divisions they can have access to, their name/email will appear on multiple rows, on for each division they shold be ablt to access.  Works perfectly currently.

 

I have been asked to also restrict data from a specific account - right now a user can see all accounts in a division they have access to.  My guess on how to build this would be to create an account table similar to the division table, as well as add another column in the RLS table to link to the account table and have the RLS flow though it to the main data - if a user does not meet both, they will see nothing.

 

My concern is that I have been asked to exclude 1 account from 4 divisions out of 11, and there are 114 accounts, and about 50 users.  If I have to replicate a row for every user for every account, the RLS file will become unmanageable.

 

Is there an easier way to restrict one account from 4 divisions in RLS?

3 REPLIES 3
z-rising
Frequent Visitor

That would be amazing.

 

I've updated the RLS table as you suggested, so that users/emails in the 4 divisions have the account name in a 4th column called "Excluded Accounts"

 

Is this RLS DAX code for the RLS filter in Manage Roles after 1 [Email] == USERPRINCIPALNAME()?

aduguid
Super User
Super User

You could build it out as an excluded account. 

 

RLS Table Example:

Email Division ExcludedAccount

user1@example.comDivision1AccountA
user1@example.comDivision2 
user2@example.comDivision3AccountA
user2@example.comDivision4 
user3@example.comDivision1

 

RLS DAX Filter

 

[Division] IN VALUES(RLS[Division]) &&
(
    ISBLANK(RLS[ExcludedAccount]) ||
    NOT ([Account] = RLS[ExcludedAccount] && [Division] IN {"Division1", "Division2", "Division3", "Division4"})
)

 

 

I am getting the error: The synatax for '[Division]' is incorrect

 

Here is what I have in the Manage Security Roles DAX editor for the role I created on the RLS table

 

[Email] == USERPRINCIPALNAME()
[Division] IN VALUES (RLS[Division]) &&
(
    ISBLANK(RLS[ExcludedAccount]) ||
    NOT ([Account Name] = RLS[ExcludedAccount] && [Division] in {"North America", "South America", "Europe", "Asia"}
    )
 
I updated my RLS table to have 4 columns - "Username" "Division" "Email" "Excluded Account"
 
The RLS table has "Store Losses" in the ExcludedAccount column for every row that has either North America, South America, Europe, or Asia in the Division column.
 
The first line of code is obviously the original row level security to limit access based on email matching division (some users are repeated with more than one division)
 
The two data tables that everything comes from use the columns "Account Name" for the first and "Account Descrpition" for the second that I am trying to reference against, so I may need to do the code twice once it's working.
 
The only other thing I can think of is that the table the RLS flows through into the two data tables is named "Division II" becasue of replication from other table relationships, I just made a new one specifically for the RLS purpose.

Helpful resources

Announcements
OCT PBI Update Carousel

Power BI Monthly Update - October 2024

Check out the October 2024 Power BI update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

October NL Carousel

Fabric Community Update - October 2024

Find out what's new and trending in the Fabric Community.