Row Level Security

Patrick_Murphy · ‎07-13-2023

Hi everyone,

i have an issue with a report where we have RLS eneabled.

We have 2 roles.

- The first role filters data according to the user info with the following rule

[User Name] = username() || [Primary Email] = username()

- The second role has no filters and is just used to assigne to users that can see all the data.

My issue is that for only 1 user she couldn't see the data and we noticed that she was assigned the first role.

So i removed her from that role and assigned her to the second role with no filters.

But she still can't see all the data and it keeps filtering as if she still had the first role assigned to her.

Is there anything else i'm missing and that i should look at to remove the initial RLS filter behaviour for her ?

Thanks for any suggestions you mite have.

lbendlin · ‎07-15-2023

two things to get you started

- there is a difference between USERNAME and USERPRINCIPALNAME. Don't use USERNAME.

- note that RLS will be ineffective if the user has workspace access above Viewer.

Patrick_Murphy · ‎07-17-2023

Ok thanks. I'll try USERPRINCIPALNAME() instead and see if that works.

And yeah, i noticed that RLS behaves differently depending on the level of acces the user has in the workspace.

I i can't get the user to work with RLS, i'll try and give her higher acces than viewer since she can see all the data without restriction.

Helpful resources