Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Learn from the best! Meet the four finalists headed to the FINALS of the Power BI Dataviz World Championships! Register now

Reply
Alatha
Frequent Visitor

RLS on 2 personas in single report/dataset

‎02-07-2026 12:04 AM

I have one report and it has two personas site owners ans service owners. 
And created 2 roless

site owners - rls applied 

Service owners - no filters 

as I have single report and it has home page with 2 buttons visit site owner view & visit service owners view and based on the  page navigations 

now scenario 1. - when site owners access the report should see site owners button and should able to see the sites they own.

scenario -2 - when service owner access the report should see both buttons and when clicks on service owners should see all sites and clicks on site owners should see only owned sites.

working as expected -Site owners access able to see only single button and also see the sites they own 

problem - when service owner access the report and able to see both buttons and clicks on service owners button able to see all sites BUT when clicks on site owners button also seeing all sites instead of sites they own.

please assist me to achieve this as expected

 

Labels:
Message 1 of 17
710 Views
0
1 ACCEPTED SOLUTION
v-nmadadi-msft
Community Support
Community Support
In response to Alatha

‎02-09-2026 08:48 PM

Hi @Alatha ,
Thanks for reaching out to the Microsoft Fabric Community forum.

Instead of trying to handle multiple personas within a single report, a better and more maintainable approach would be to create two separate reports using the same data model. One report would be published without any RLS filters, intended for Service Owners who require full visibility across all sites. The second report would include the necessary RLS filters and would be used by Site Owners to restrict data visibility to only the sites they own.

This approach avoids the limitations you are currently encountering with RLS and page navigation, simplifies the security model, and ensures predictable behavior for each user group. Users can then access the report that best fits their role, without relying on conditional logic or workarounds within a single report.

 

I hope this information helps. Please do let us know if you have any further queries.
Thank you

View solution in original post

Message 4 of 17
579 Views
0
16 REPLIES 16
Alatha
Frequent Visitor

‎02-07-2026 12:11 AM

I have one report and it has two personas site owners ans service owners. 
And created 2 roless

site owners - rls applied 

Service owners - no filters 

as I have single report and it has home page with 2 buttons visit site owner view & visit service owners view and based on the  page navigations 

now scenario 1. - when site owners access the report should see site owners button and should able to see the sites they own.

scenario -2 - when service owner access the report should see both buttons and when clicks on service owners should see all sites and clicks on site owners should see only owned sites.

working as expected -Site owners access able to see only single button and also see the sites they own 

problem - when service owner access the report and able to see both buttons and clicks on service owners button able to see all sites BUT when clicks on site owners button also seeing all sites instead of sites they own.

please assist me to achieve this as expected

 

Message 14 of 17
677 Views
0
Mauro89
Super User
Super User
In response to Alatha

‎02-08-2026 11:34 PM

Hi @Alatha

Iam not sure if I got you right. Thats what I understood.

Site owner role -> only see data based on RLS

Service owner role -> see all data as no RLS applied

So if someone is assigned to the service owner role, hence clicking on the service owner button (which is just navigation, nothing related to RLS), the report shows all data. 

If my understanding is correct you may need a workaround as RLS is not possible to do on page level (yet). Only thing I can imagine is to do a filtering on page/visual level. Another but more effort option is to separate the two pages into two reports. Just having the "landing" page and the link with the two buttons to both reports.

 

Hope this helps!

 

Best regards!

PS: If you find this post helpful consider leaving kudos or mark it as solution

Message 15 of 17
589 Views
v-menakakota
Community Support
Community Support
In response to Mauro89

‎02-10-2026 08:13 PM

Hi @Alatha ,

Thanks for reaching out to the Microsoft fabric community forum. 

 

I would also take a moment to thank @Mauro89   , for actively participating in the community forum and for the solutions you’ve been sharing in the community forum. Your contributions make a real difference.

I hope the above details help you fix the issue. If you still have any questions or need more help, feel free to reach out. We’re always here to support you 

 

Best Regards, 
Community Support Team

Message 16 of 17
562 Views
v-menakakota
Community Support
Community Support
In response to v-menakakota

‎02-15-2026 11:31 PM

Hi @Alatha 

I hope the above details help you fix the issue. If you still have any questions or need more help, feel free to reach out. We’re always here to support you .

 

Best Regards, 
Community Support Team

Message 17 of 17
511 Views
0
Alatha
Frequent Visitor

‎02-07-2026 12:45 AM

I have one report and it has two personas site owners ans service owners. 
And created 2 roless

site owners - rls applied 

Service owners - no filters 

as I have single report and it has home page with 2 buttons visit site owner view & visit service owners view and based on the  page navigations 

now scenario 1. - when site owners access the report should see site owners button and should able to see the sites they own.

scenario -2 - when service owner access the report should see both buttons and when clicks on service owners should see all sites and clicks on site owners should see only owned sites.

working as expected -Site owners access able to see only single button and also see the sites they own 

problem - when service owner access the report and able to see both buttons and clicks on service owners button able to see all sites BUT when clicks on site owners button also seeing all sites instead of sites they own.

please assist me to achieve this as expected

 

Message 7 of 17
790 Views
0
Jaywant-Thorat
Super User
Super User
In response to Alatha

‎02-07-2026 12:05 PM
Hi @Alatha ,
You’re very close already, the issue you’re facing is a classic RLS + navigation + role-evaluation limitation in Power BI, not a mistake in your logic. Let me explain why it happens and then give you correct architectures to achieve your expected behavior.
 
Root Cause (Very Important):
RLS is evaluated only once per user session, not per page or button click.
So in your case:
  • Service Owner is mapped to a role without filters
  • Once the report loads, Power BI decides:
    • “This user has unrestricted access”
  • Page navigation cannot re-apply RLS
  • Therefore:
    • Service Owner >> Site Owner page >> still sees ALL sites
This is by design in Power BI. Buttons, bookmarks, and navigation cannot change RLS context.
 
What You Want:
Persona Page Expected Data
Site Owner Any page Only owned sites
Service Owner Service Owner page All sites
Service Owner Site Owner page Only owned sites
This means conditional data restriction inside the same role. RLS alone cannot do this.
 
Solution 1: Use Dynamic RLS + USERPRINCIPALNAME(), instead of “No filter” role for Service Owners.
Step 1: Create a Security Mapping Table named 'UserAccess'
UserEmail SiteID AccessType
a@org.com S1 Site
a@org.com S2 Site
a@org.com ALL Service
b@org.com S3 Site
 
Step 2: Single RLS Role:
Apply this filter on UserAccess table:
---DAX---
UserAccess[UserEmail] = USERPRINCIPALNAME()
---DAX---
Now both personas are handled dynamically.
 
Step 3: Control Data by Page (KEY PART)
Create a Page Type table (Disconnected):
PageType
Site
Service
 
Step 4: Measure to Control Visibility
---DAX---
CanSeeSite =
VAR IsServiceOwner =
    CALCULATE(
        COUNTROWS(UserAccess),
        UserAccess[AccessType] = "Service"
    ) > 0
 
VAR PageTypeSelected =
    SELECTEDVALUE(PageType[PageType])
 
RETURN
SWITCH(
    TRUE(),
    PageTypeSelected = "Service", 1,
    PageTypeSelected = "Site" && IsServiceOwner, 1,
    PageTypeSelected = "Site" && NOT IsServiceOwner, 1,
    0
)
---DAX---
 
Step 5: Filter Your Visuals
Apply Visual-level filter:
CanSeeSite = 1
 
Result:
Service Owner >> Service page >> All sites
Service Owner >> Site page >> Only owned sites
Site Owner >> Only Site page >> Only owned sites
 
=================================================================
Did I answer your question? Mark my post as a solution! This will help others on the forum!
Appreciate your Kudos!!
Jaywant Thorat | MCT | Data Analytics Coach
#MissionPowerBIBharat
LIVE with Jaywant Thorat
Message 11 of 17
694 Views
v-menakakota
Community Support
Community Support
In response to Jaywant-Thorat

‎02-10-2026 08:31 PM

Hi @Alatha ,

Thanks for reaching out to the Microsoft fabric community forum. 

 

I would also take a moment to thank  @Jaywant-Thorat  , for actively participating in the community forum and for the solutions you’ve been sharing in the community forum. Your contributions make a real difference.

I hope the above details help you fix the issue. If you still have any questions or need more help, feel free to reach out. We’re always here to support you 

 

Best Regards, 
Community Support Team

Message 12 of 17
614 Views
0
v-menakakota
Community Support
Community Support
In response to v-menakakota

‎02-15-2026 11:31 PM

Hi @Alatha ,

I hope the above details help you fix the issue. If you still have any questions or need more help, feel free to reach out. We’re always here to support you .

 

Best Regards, 
Community Support Team

Message 13 of 17
521 Views
0
Natarajan_M
Responsive Resident
Responsive Resident
In response to Alatha

‎02-07-2026 11:39 AM

Hi @Alatha , can you share the sample value and the modelling details to understand the problem statement better

Message 10 of 17
713 Views
0
GeraldGEmerick
Super User
Super User
In response to Alatha

‎02-07-2026 06:40 AM

@Alatha You need to add an RLS rule for the Service Owners to only be able to see the sites they own.

Message 8 of 17
748 Views
Alatha
Frequent Visitor
In response to GeraldGEmerick

‎02-07-2026 06:57 AM

Hi @GeraldGEmerick , thanks for your reply.

if I apply rls to service owners then site owners view behave as expected like they can see the sites they own but service owner view also behave like site owners view 

expectation is service owner access the report in service owner view should able to see all sites and site owners view should see the site they own 

 

Message 9 of 17
742 Views
0
v-nmadadi-msft
Community Support
Community Support

‎02-16-2026 02:53 AM

Hi @Alatha 

May I check if this issue has been resolved? If not, Please feel free to contact us if you have any further questions.


Thank you

Message 6 of 17
517 Views
0
v-nmadadi-msft
Community Support
Community Support

‎02-12-2026 08:58 PM

Hi @Alatha 

I wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions.


Thank you.

Message 5 of 17
546 Views
0
Jaywant-Thorat
Super User
Super User

‎02-07-2026 12:06 PM
Hi @Alatha ,
You’re very close already, the issue you’re facing is a classic RLS + navigation + role-evaluation limitation in Power BI, not a mistake in your logic. Let me explain why it happens and then give you correct architectures to achieve your expected behavior.
 
Root Cause (Very Important):
RLS is evaluated only once per user session, not per page or button click.
So in your case:
  • Service Owner is mapped to a role without filters
  • Once the report loads, Power BI decides:
    • “This user has unrestricted access”
  • Page navigation cannot re-apply RLS
  • Therefore:
    • Service Owner >> Site Owner page >> still sees ALL sites
This is by design in Power BI. Buttons, bookmarks, and navigation cannot change RLS context.
 
What You Want:
Persona Page Expected Data
Site Owner Any page Only owned sites
Service Owner Service Owner page All sites
Service Owner Site Owner page Only owned sites
This means conditional data restriction inside the same role. RLS alone cannot do this.
 
Solution 1: Use Dynamic RLS + USERPRINCIPALNAME(), instead of “No filter” role for Service Owners.
Step 1: Create a Security Mapping Table named 'UserAccess'
UserEmail SiteID AccessType
a@org.com S1 Site
a@org.com S2 Site
a@org.com ALL Service
b@org.com S3 Site
 
Step 2: Single RLS Role:
Apply this filter on UserAccess table:
---DAX---
UserAccess[UserEmail] = USERPRINCIPALNAME()
---DAX---
Now both personas are handled dynamically.
 
Step 3: Control Data by Page (KEY PART)
Create a Page Type table (Disconnected):
PageType
Site
Service
 
Step 4: Measure to Control Visibility
---DAX---
CanSeeSite =
VAR IsServiceOwner =
    CALCULATE(
        COUNTROWS(UserAccess),
        UserAccess[AccessType] = "Service"
    ) > 0
 
VAR PageTypeSelected =
    SELECTEDVALUE(PageType[PageType])
 
RETURN
SWITCH(
    TRUE(),
    PageTypeSelected = "Service", 1,
    PageTypeSelected = "Site" && IsServiceOwner, 1,
    PageTypeSelected = "Site" && NOT IsServiceOwner, 1,
    0
)
---DAX---
 
Step 5: Filter Your Visuals
Apply Visual-level filter:
CanSeeSite = 1
 
Result:
Service Owner >> Service page >> All sites
Service Owner >> Site page >> Only owned sites
Site Owner >> Only Site page >> Only owned sites
 
=================================================================
Did I answer your question? Mark my post as a solution! This will help others on the forum!
Appreciate your Kudos!!
Jaywant Thorat | MCT | Data Analytics Coach
#MissionPowerBIBharat
LIVE with Jaywant Thorat
Message 2 of 17
663 Views
Alatha
Frequent Visitor
In response to Jaywant-Thorat

‎02-07-2026 02:07 PM

@Jaywant-Thorat , thanks for your reply and suggested solution. 
I followed all steps but when I test as service owner. 
service owner & site owners view sees only sites they own but not all sites in service owner view.


Approach what I tried which displays as expected 

Service Owner >> Service page >> All sites
Service Owner >> Site page >> Only owned sites
I have created reference table on main table where I kept only site I'd and users
And now I have two tables main table and reference Table.
Created two rls roles 
site owner role - main table owner - USERPRINCIPLENAME()
service owner role - reference table - USERPRINCIPLENAME()
whereever site count from main table used in site owner view changed it to site count from reference table and replaced site I'd from main table with site I'd from ref table 
this behaviour working as expected 
BUT  am trying without reference table , any way that I can achieve this
thank you 
Message 3 of 17
644 Views
0
v-nmadadi-msft
Community Support
Community Support
In response to Alatha

‎02-09-2026 08:48 PM

Hi @Alatha ,
Thanks for reaching out to the Microsoft Fabric Community forum.

Instead of trying to handle multiple personas within a single report, a better and more maintainable approach would be to create two separate reports using the same data model. One report would be published without any RLS filters, intended for Service Owners who require full visibility across all sites. The second report would include the necessary RLS filters and would be used by Site Owners to restrict data visibility to only the sites they own.

This approach avoids the limitations you are currently encountering with RLS and page navigation, simplifies the security model, and ensures predictable behavior for each user group. Users can then access the report that best fits their role, without relying on conditional logic or workarounds within a single report.

 

I hope this information helps. Please do let us know if you have any further queries.
Thank you

Message 4 of 17
580 Views
0

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

February Power BI Update Carousel

Power BI Monthly Update - February 2026

Check out the February 2026 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All