Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

To celebrate FabCon Vienna, we are offering 50% off select exams. Ends October 3rd. Request your discount now.

Reply
Anonymous
Not applicable

RLS: overlapping rule / role filters

‎05-19-2021 06:58 AM

Hi all,

 

I have a little problem with RLS roles / filtering.

 

I successfully set up filters for the dozen or so departments that I need to show the data for, but my boss for example is head of our department - so he can see that data - but is also supposed to see ALL data, but the filter on our department seems to overrule the capability to see all data from the role without restrictions.

 

Any ideas how to solve that?

 

Thanks in advance!

Labels:
Message 1 of 7
2,254 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable
In response to Anonymous

‎05-25-2021 11:08 PM

Hi @Anonymous 

If you use username() and userprincipalname() in your code, you are trying to build Dynamic RLS.

For reference: Dynamic RLS Sample

My Test:

1.png

Role:

RLS1 role is as below. And Boss role has no restriction.

2.png

View as is a test in Power BI Desktop to view things as a role.

If you select RLS1, you will be restrict by your userprincipalname. As below, you can only see values belong to User1.

3.png

If you select Boss, you can see all things no matter who you are. Don't forget to add the users in their correct role in Security in Power BI Service.

 

Best Regards,

Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

View solution in original post

Message 6 of 7
2,139 Views
0
6 REPLIES 6
Anonymous
Not applicable

‎05-24-2021 03:15 AM

Hi @Anonymous 

What kind of RLS did you build for your organization, static RLS or dynamic RLS?

If you build static RLS, please only add your boss into the Role without any restriction.

My Sample:

1.png

I build two rolse, Department and Boss. Department will restrict user only see values in Department and Boss without any restriction.

2.png3.png

Publish the report add Tongzhou into Boss Role and add Eyelyn into Department Role in dataset security.

Result is as below.

Tongzhou in Boss role can see all values.

4.png

Eyelyn in Department role can onlu see department values.

5.png

Or you can change Boss's permission in your workspace. Just give him edit permission instead of viewer. Then your Boss can see all values in your report. And you don't need to add a new role.

If you want to build a dynamic rls by userprinciplename, you may refer to this blog: Dynamic Row Level Security with Organizational Hierarchy Power BI

 

Best Regards,

Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

Message 4 of 7
2,168 Views
Anonymous
Not applicable
In response to Anonymous

‎05-25-2021 01:52 AM

I think that makes it a bit clearer, thanks!

 

When selecting "view as another user" in PBI, do I need to enter both the user's ID AND select the group I want to test? Because sometimes it showed me all data, despite the user ID in question not having permission.

Message 5 of 7
2,151 Views
0
Anonymous
Not applicable
In response to Anonymous

‎05-25-2021 11:08 PM

Hi @Anonymous 

If you use username() and userprincipalname() in your code, you are trying to build Dynamic RLS.

For reference: Dynamic RLS Sample

My Test:

1.png

Role:

RLS1 role is as below. And Boss role has no restriction.

2.png

View as is a test in Power BI Desktop to view things as a role.

If you select RLS1, you will be restrict by your userprincipalname. As below, you can only see values belong to User1.

3.png

If you select Boss, you can see all things no matter who you are. Don't forget to add the users in their correct role in Security in Power BI Service.

 

Best Regards,

Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly. 

 

Message 6 of 7
2,140 Views
0
Anonymous
Not applicable
In response to Anonymous

‎05-26-2021 12:30 AM

I tried using Security in the online service, but there it said I should manage that in the program itself. =(

Message 7 of 7
2,133 Views
0
DataZoe
Microsoft Employee
Microsoft Employee

‎05-19-2021 07:10 AM

@Anonymous You can set up a new role for him, that doesn't limit the data. The roles will work like you can see this (role 1) AND this (role 2).  

Respectfully,
Zoe Douglas (DataZoe)



Follow me on LinkedIn at https://www.linkedin.com/in/zoedouglas-data
See my reports and blog at https://www.datazoepowerbi.com/

Message 2 of 7
2,223 Views
0
Anonymous
Not applicable
In response to DataZoe

‎05-19-2021 11:23 PM

@DataZoeThank you for the idea, but I already tried that. He's in a group without filters and in the "department" group with the department data filter and his ID against a department access list with userprincipalname(). But for some reason that lets him only see our department, not all data.

Message 3 of 7
2,182 Views

Helpful resources

Announcements
September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All