Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
Amik_singh
Advocate I
Advocate I

Row Level Security

‎12-15-2025 09:11 AM

When implementing dynamic RLS using the USERPRINCIPALNAME() function on a dimension table, what unexpected data visibility issue can occur if an active one-to-many relationship exists from the secured dimension table to a large, unsecured fact table, and the dimension table has an active relationship to a separate, smaller bridge table?

Labels:
Message 1 of 3
277 Views
1 ACCEPTED SOLUTION
Amar_Kumar
Super User
Super User

‎12-15-2025 09:16 AM

@Amik_singh The unexpected issue is an Incomplete RLS Propagation due to Relationship Ambiguity. If the DAX expression for RLS does not correctly account for the bidirectional filtering (or filter propagation settings) across both the fact and the bridge table paths, the user might see some fact data filtered correctly, but the relationships involving the bridge table could inadvertently expose related records that should have been masked, thus bypassing the intended security filter on the secured dimension table.

View solution in original post

Message 2 of 3
258 Views
2 REPLIES 2
Kmaha986696
New Member

‎12-15-2025 09:16 AM

This can cause users to see more data than expected. Even though the RLS rule is defined correctly on the dimension table using USERPRINCIPALNAME, the issue comes from how filters move through the model. When the secured dimension has an active relationship to a large fact table and also another active relationship to a smaller bridge table, the bridge can introduce extra keys into the filter context. Those keys can then flow back into the fact table and expand the result set. As a result, fact rows outside the user’s intended access can become visible, without any warning or obvious sign that something is wrong. This is most common in models with multiple active or bidirectional relationships and is easy to miss unless you carefully test using View as role.

Message 3 of 3
257 Views
0
Amar_Kumar
Super User
Super User

‎12-15-2025 09:16 AM

@Amik_singh The unexpected issue is an Incomplete RLS Propagation due to Relationship Ambiguity. If the DAX expression for RLS does not correctly account for the bidirectional filtering (or filter propagation settings) across both the fact and the bridge table paths, the user might see some fact data filtered correctly, but the relationships involving the bridge table could inadvertently expose related records that should have been masked, thus bypassing the intended security filter on the secured dimension table.

Message 2 of 3
259 Views

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

View All