Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

July 7 - July 17 | Round 2 of the Power BI Dataviz World Championships. Don't miss your chance! Learn more

Reply
Amik_singh
Advocate I
Advocate I

Row Level Security

When implementing dynamic RLS using the USERPRINCIPALNAME() function on a dimension table, what unexpected data visibility issue can occur if an active one-to-many relationship exists from the secured dimension table to a large, unsecured fact table, and the dimension table has an active relationship to a separate, smaller bridge table?

1 ACCEPTED SOLUTION
Amar_Kumar
Super User
Super User

@Amik_singh The unexpected issue is an Incomplete RLS Propagation due to Relationship Ambiguity. If the DAX expression for RLS does not correctly account for the bidirectional filtering (or filter propagation settings) across both the fact and the bridge table paths, the user might see some fact data filtered correctly, but the relationships involving the bridge table could inadvertently expose related records that should have been masked, thus bypassing the intended security filter on the secured dimension table.

View solution in original post

2 REPLIES 2
Kmaha986696
New Member

This can cause users to see more data than expected. Even though the RLS rule is defined correctly on the dimension table using USERPRINCIPALNAME, the issue comes from how filters move through the model. When the secured dimension has an active relationship to a large fact table and also another active relationship to a smaller bridge table, the bridge can introduce extra keys into the filter context. Those keys can then flow back into the fact table and expand the result set. As a result, fact rows outside the user’s intended access can become visible, without any warning or obvious sign that something is wrong. This is most common in models with multiple active or bidirectional relationships and is easy to miss unless you carefully test using View as role.

Amar_Kumar
Super User
Super User

@Amik_singh The unexpected issue is an Incomplete RLS Propagation due to Relationship Ambiguity. If the DAX expression for RLS does not correctly account for the bidirectional filtering (or filter propagation settings) across both the fact and the bridge table paths, the user might see some fact data filtered correctly, but the relationships involving the bridge table could inadvertently expose related records that should have been masked, thus bypassing the intended security filter on the secured dimension table.

Helpful resources

Announcements
FabCon and SQLCon Barcelona 2026

FabCon & SQLCon – Barcelona 2026

Join us in Barcelona for FabCon and SQLCon, the Fabric, Power BI, SQL, and AI community event. Save €200 with code FABCMTY200.

60 days of Data Days Carousel

Data Days 2026

Join Fabric Data Days 2026: 60 days of free live/on-demand sessions, challenges, study groups, and certification opportunities.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.