Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Request now

Reply
Anonymous
Not applicable

RLS with related conditions on multiple tables

‎09-08-2020 06:22 AM

Hello everybody,

 

my issue is about creating roles in RLS with conditions based on 2 different tables. These conditions need to be linked and they can't stand divided. It's really important to me to solve it, i really need a solution.

 

I know RLS and I know it works with AND conditions when creating filters on different tables, but I need some more because conditions on one of my tables is based on fields from the other one.

 

Let's have some sample data about shipments:

 

Table A

KeyASenderReceiverValue
X1AB10
X2AC20
X3BA30
X4CB40

 

Table B

KeyBKeyASender PermissionReceiver Permission
Y1X110
Y2X201
Y3X311
Y4X410

 

In this case, I want person A to see the 3 shipments he is part of in Table A (X1, X2, X3) but he can see the records in Table B just if he has the rights to do it based on the role in the shipment (sender or receiver). For example, he can see Y1 because he is the sender of the shipment and sender permission is 1 for Y1, but he can't see Y2 because here sender permission is 0, while he can see again Y3 because he is the receiver and receiver permission in 1 there.

 

So when creating role for person A in RLS, it would be:

In Table A

Sender = "A" || Receiver = "A"

In Table B something like:

(Sender = "A" && Sender Permission = 1) || (Receiver = "A" && Receiver Permission = 1)

 

But for condition on Table B I need to rely on field from Table A, which I think is not allowed. I can't avoid to relate to Table A when writing conditions on Table B!

 

How can I fix it?

 

It's extremely important to me, so much really.

 

Please help me, and thanks in advance! 

Labels:
Message 1 of 4
3,968 Views
0
2 ACCEPTED SOLUTIONS
Anonymous
Not applicable

‎09-10-2020 06:51 PM

Hi @Anonymous,

You can try to use the following expression to create a role on  tableA to filter records based on two table conditions:

VAR CurrUser = "A"
VAR rList =
    CALCULATETABLE (
        VALUES ( TA[KeyA] ),
        FILTER ( ALLSELECTED ( TA ), [Receiver] = CurrUser )
    )
VAR sList =
    CALCULATETABLE (
        VALUES ( TA[KeyA] ),
        FILTER ( ALLSELECTED ( TA ), [Sender] = CurrUser )
    )
VAR tblist =
    CALCULATETABLE (
        VALUES ( TB[KeyA] ),
        FILTER (
            ALLSELECTED ( TB ),
            OR (
                [KeyA] IN rList
                    && [Receiver Permission] <> 0,
                [KeyA] IN sList
                    && [Sender Permission] <> 0
            )
        )
    )
RETURN
    [KeyA] IN tblist

10.png
Regards,

Xiaoxin Sheng

View solution in original post

Message 3 of 4
3,893 Views
0
Anonymous
Not applicable
In response to Anonymous

‎10-21-2020 02:03 AM

Thanks @Anonymous for your hint,

 

unfortunately I need to create it for many roles and not just for 1 or 2. If I took what you mean, your idea is good but I'd need to create a new table (I think) for each role and it's impossible to me.

 

For @lbendlin, thanks again, your answer is good and it would have worked through calculated columns, the bad is my data model is not so easy: I have an Intermediate table between the 2 because they would have been in a M-N relationship while using Intermediate I get 2 easier relationship which are 1-M and 1-N. So I can't use calculated columns, even if your hint is good, my bad not to represent my model correctly.

 

In the end I added the columns I needed in Table B and edited my ETL function which inserts data in my tables so that I get a copy of those columns where I need them. It's not fair, but it worked.

 

Thank you again guys!

View solution in original post

Message 4 of 4
3,864 Views
0
3 REPLIES 3
Anonymous
Not applicable

‎09-10-2020 06:51 PM

Hi @Anonymous,

You can try to use the following expression to create a role on  tableA to filter records based on two table conditions:

VAR CurrUser = "A"
VAR rList =
    CALCULATETABLE (
        VALUES ( TA[KeyA] ),
        FILTER ( ALLSELECTED ( TA ), [Receiver] = CurrUser )
    )
VAR sList =
    CALCULATETABLE (
        VALUES ( TA[KeyA] ),
        FILTER ( ALLSELECTED ( TA ), [Sender] = CurrUser )
    )
VAR tblist =
    CALCULATETABLE (
        VALUES ( TB[KeyA] ),
        FILTER (
            ALLSELECTED ( TB ),
            OR (
                [KeyA] IN rList
                    && [Receiver Permission] <> 0,
                [KeyA] IN sList
                    && [Sender Permission] <> 0
            )
        )
    )
RETURN
    [KeyA] IN tblist

10.png
Regards,

Xiaoxin Sheng

Message 3 of 4
3,894 Views
0
Anonymous
Not applicable
In response to Anonymous

‎10-21-2020 02:03 AM

Thanks @Anonymous for your hint,

 

unfortunately I need to create it for many roles and not just for 1 or 2. If I took what you mean, your idea is good but I'd need to create a new table (I think) for each role and it's impossible to me.

 

For @lbendlin, thanks again, your answer is good and it would have worked through calculated columns, the bad is my data model is not so easy: I have an Intermediate table between the 2 because they would have been in a M-N relationship while using Intermediate I get 2 easier relationship which are 1-M and 1-N. So I can't use calculated columns, even if your hint is good, my bad not to represent my model correctly.

 

In the end I added the columns I needed in Table B and edited my ETL function which inserts data in my tables so that I get a copy of those columns where I need them. It's not fair, but it worked.

 

Thank you again guys!

Message 4 of 4
3,865 Views
0
lbendlin
Super User
Super User

‎09-08-2020 06:18 PM

You are not showing your data model.

 

Let's assume that there is a 1:M relationship from table A to table B.  The either RLS should "just work"  or you can create a calculated column in table B that pulls in a related column in table A (via RELATED( ) ).  That will then allow you to apply the RLS rule in table B.

Message 2 of 4
3,911 Views

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All