Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Compete to become Power BI Data Viz World Champion! First round ends August 18th. Get started.

Reply
Anonymous
Not applicable

Row Level Security with different groups

‎05-04-2022 08:25 AM

Hello!

I am looking to create row level security for two different sets of people.  I have been told that managing permissions on the service itself is not the way the group wants to manage this, so I am doing it with USERPRINCIPALNAME within the model itself.

 

There are two groups of people.

 

Managers - Managers manage buildings.  Within the model, this one is fine.  If Manager X manages building 1, they only get to see data for building 1.  I have the list of managers and the buildings that they are in charge of and the relationship is based off of that.


Corporate users - Corporate users should be able to see everything.  I do not have a list of corporate users (although I can and probably will get one) There is no "tie" in the same way that managers are tied to buildings for me to use in relationships.  This is where I'm not sure how to proceed.  So I understand that for them I want no filters for them but I'm not sure how to go about doing that since my only RLS experience is the manager portion above where I'm creating a relationship and filtering based off of the relationship within the model.

Any insight or help would be greatly appreciated! Thank you

Labels:
Message 1 of 5
6,808 Views
0
1 ACCEPTED SOLUTION
jdbuchanan71
Super User
Super User

‎05-04-2022 08:31 AM

@Anonymous 

If you create another role in PowerBi Desktop, one that does not have any filters, then you can add users to that role and they will be able to see all the data.

In order for RLS to work however, you must assign users to the role in the service.  The best way to handle that is with Active Directory security groups.  You assign the users to the security group and the security group to the role.  That way, if you need to add new users to a role they can just be added to the security group.

View solution in original post

Message 2 of 5
6,802 Views
0
4 REPLIES 4
rabihbadr
Frequent Visitor

‎08-20-2024 11:40 PM

Hey, I would go directly for dynamic RLS, using security tables, because it's the most scalable option, and scale is inevitable.

Message 5 of 5
4,519 Views
0
jdbuchanan71
Super User
Super User

‎05-04-2022 08:37 AM

You are correct.  The model decides how to filter based on the rules of the role the user is in.   This does mean that a user that is not in any role will not be able to see any data at all.  Just something to keep in mind.  Also, the users cannot be members of the workspace in anything other than a reading role or RLS is not applied to them at all.

Message 4 of 5
6,798 Views
0
jdbuchanan71
Super User
Super User

‎05-04-2022 08:31 AM

@Anonymous 

If you create another role in PowerBi Desktop, one that does not have any filters, then you can add users to that role and they will be able to see all the data.

In order for RLS to work however, you must assign users to the role in the service.  The best way to handle that is with Active Directory security groups.  You assign the users to the security group and the security group to the role.  That way, if you need to add new users to a role they can just be added to the security group.

Message 2 of 5
6,803 Views
0
Anonymous
Not applicable
In response to jdbuchanan71

‎05-04-2022 08:34 AM

Thank you for your reply, this is what I'm looking for!. So I would just have a "corporate" role assigned to whatever their security group is and then everyone within that group would be able to see everything, is that right?

I just want to make sure both of my bases are covered:

The dynamic RLS I'm using for managers would still work as well, correct?

Message 3 of 5
6,800 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All