Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

To celebrate FabCon Vienna, we are offering 50% off select exams. Ends October 3rd. Request your discount now.

Reply
ahsan005
Frequent Visitor

RLS for 3 Tier Hierarchy – Two Way Filtering

‎04-03-2024 01:54 PM

Hi All,

I have a 3 Tier Hierarchy (Regional, Area & Territory Manager) for which I’ve successfully implemented RLS by creating a separate RLS _Hierarchy table based on the roles. My lowest granularity is the SAP ID on the basis of which I’ve joined the tables. Data Model screenshot attached and below is the RLS role I’ve created for RLS_Hierarchy table:

IF(
[DIVISION_USERPRINCIPALNAME] = USERPRINCIPALNAME () ||
[AREA_USERPRINCIPALNAME] = USERPRINCIPALNAME () ||
[USERPRINCIPALNAME_MANAGER] = USERPRINCIPALNAME (),
TRUE(),
FALSE()
)

So if a RM logs in, he can see all his areas & territories, Similarly an area manager can see all his territories and territory manager being the lowest in hierarchy can see his territory data only.

 

For the National View (not affected by RLS & visible to all irrespective of who logs in) I’ve created an aggregated fact_sales table so whoever logs in can see all the data since this table is not part of RLS filteration.

 

Now my question is that I want to do the same for the Area Manager & Territory Manager. For e.g. If an area manager logs in, he can see the complete value for the region that he belongs to and not only the regional values that correspond to his area. Similarly a territory manager can see the values for his complete area and not only the area values that reflect his territory. Kind of a two-way filtering thing.

Screenshot ‘RLS_Hierarchy’ attached that shows the rows when territory manager abc_789@check.com logs in and can see his territory data but as you can see area Lahore and region North are getting filtered out on the basis of SAP IDs that only belong to 1101.

 

I know this concept violates the RLS principle but is there a possibility of doing this through changes in the data model? complex DAX as RLS role?

 

@AlexisOlson Can you please have a look?

 

Data Model.pngRLS_Hierarchy 1101.png

Labels:
Message 1 of 6
530 Views
0
5 REPLIES 5
Anonymous
Not applicable

‎04-03-2024 11:34 PM

Hi @ahsan005 ,

Please refer this case, hope it is helpful for you:

Solved: Want to create a hierarchy based Metrics with user... - Microsoft Fabric Community

 

Best regards,
Community Support Team_Binbin Yu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 6
479 Views
0
ahsan005
Frequent Visitor
In response to Anonymous

‎04-07-2024 05:03 AM

This also works in one direction from higher to lower which I've already implemented. I'm looking for a solution that allows me to go two ways. 

 

@lbendlin @Ritaf1983 @Greg_Deckler seniors, could you please have a look?

Message 3 of 6
468 Views
0
lbendlin
Super User
Super User
In response to ahsan005

‎04-07-2024 03:36 PM

What's the point of RLS if you are filtering up?  Can you challenge if RLS is actually required for your use case?

 

Anyway, your rule can be refactored as

 

 

USERPRINCIPALNAME() IN {
[DIVISION_USERPRINCIPALNAME],
[AREA_USERPRINCIPALNAME],
[USERPRINCIPALNAME_MANAGER]}

 

Message 4 of 6
450 Views
0
ahsan005
Frequent Visitor
In response to lbendlin

‎04-07-2024 11:46 PM

Yes, RLS is required based on the hierarchy that is mentioned. Actually, we have 3 different sets of visuals for Region, Area & Territory so when a terrritory manager 1101, as shown in the screenshot above logs in, he sees the same values in all 3 sets. We are looking for a solution, if possible, to reflect complete values in the higher hierarchy visuals.

 

So territory manager for 1101 sees his values in territory visuals, but he needs to see the complete (aggregated) values of area 'Lahore' which is made up of a total of 10 territories. So he can see the aggregarted values in Area visual but not the individual territory values. Similarly for Region.

Message 5 of 6
431 Views
0
lbendlin
Super User
Super User
In response to ahsan005

‎04-09-2024 08:09 AM

Might be easier to use three different reports/audiences.

Message 6 of 6
411 Views
0

Helpful resources

Announcements
September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All