Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
D_G
Frequent Visitor

Row-level security 2 layers

‎03-25-2025 10:58 PM

I have data model as below:

D_G_3-1742968426531.png

 

I need to set up row-level security so that user could see all sales made by division where he is working and sales from any other division to specific country. Eg if user is employed in US division, he has to see all US division sales and sales from any other division to US.  Can somebody help me?

 

 

Labels:
Message 1 of 3
219 Views
0
1 ACCEPTED SOLUTION
freginier
Super User
Super User

‎03-26-2025 04:34 AM

Hey there!

 

Here's how you can set this up using RLS:

 

  • Create Roles in Power BI Desktop:

    • Go to Modeling in Power BI Desktop and click Manage Roles.

    • Create a new role for each layer of security (e.g., one for the division and another for the country).

  • Define the First Layer: Division-Specific Security:

    • For the first layer, you want to ensure that users can see data related to their division. If the user is part of the "US" division, they should be able to see all sales data for the "US" division.

    • You can use a DAX expression for the division filter:

  • [Division] = USERPRINCIPALNAME()

      • This filter will allow users to see only the data where the Division matches their login ID (assuming you have some way of tying the user to their division via USERPRINCIPALNAME()).

  • Define the Second Layer: Country-Specific Security:

    • The second layer is to ensure users can see sales made to a specific country. If the user is from the US, they should see sales for the US, but also sales from other divisions related to the US.

    • You can create a DAX expression to ensure that users see sales for the ShippingCountry (or Country) for their division as well as any sales to the US:

  • [ShippingCountry] = "US" || [Division] = USERPRINCIPALNAME()

  • Combine the Two Layers:

    • You will need to combine both of these security filters in the role definition. Here’s an example DAX expression for your role that combines both conditions:

  • ([Division] = USERPRINCIPALNAME()) || ([ShippingCountry] = "US")

    • This way, users will only see data where either the Division matches their login, or the ShippingCountry is the US.

  • Test the Security:

    • After setting up the roles, go to Modeling > View as Roles in Power BI to test the security settings.

    • You can enter different user names to see how the report changes based on the RLS settings.

Hope this helps!

😁😁

 

View solution in original post

Message 2 of 3
142 Views
0
2 REPLIES 2
v-mdharahman
Community Support
Community Support

‎03-26-2025 04:41 AM

Hi @D_G,

Thanks for reaching out to the Microsoft fabric community forum.

It looks like you want to implement a RLS for your users. As @freginier already responded to your query, please go through his response and mark it as solution if it solves your issue.

 

I would also take a moment to thank @freginier, for actively participating in the community forum and for the solutions you’ve been sharing in the community forum. Your contributions make a real difference.

 

If I misunderstand your needs or you still have problems on it, please feel free to let us know.  

Best Regards,
Hammad.
Community Support Team

 

If this post helps then please mark it as a solution, so that other members find it more quickly.

Thank you.

Message 3 of 3
139 Views
0
freginier
Super User
Super User

‎03-26-2025 04:34 AM

Hey there!

 

Here's how you can set this up using RLS:

 

  • Create Roles in Power BI Desktop:

    • Go to Modeling in Power BI Desktop and click Manage Roles.

    • Create a new role for each layer of security (e.g., one for the division and another for the country).

  • Define the First Layer: Division-Specific Security:

    • For the first layer, you want to ensure that users can see data related to their division. If the user is part of the "US" division, they should be able to see all sales data for the "US" division.

    • You can use a DAX expression for the division filter:

  • [Division] = USERPRINCIPALNAME()

      • This filter will allow users to see only the data where the Division matches their login ID (assuming you have some way of tying the user to their division via USERPRINCIPALNAME()).

  • Define the Second Layer: Country-Specific Security:

    • The second layer is to ensure users can see sales made to a specific country. If the user is from the US, they should see sales for the US, but also sales from other divisions related to the US.

    • You can create a DAX expression to ensure that users see sales for the ShippingCountry (or Country) for their division as well as any sales to the US:

  • [ShippingCountry] = "US" || [Division] = USERPRINCIPALNAME()

  • Combine the Two Layers:

    • You will need to combine both of these security filters in the role definition. Here’s an example DAX expression for your role that combines both conditions:

  • ([Division] = USERPRINCIPALNAME()) || ([ShippingCountry] = "US")

    • This way, users will only see data where either the Division matches their login, or the ShippingCountry is the US.

  • Test the Security:

    • After setting up the roles, go to Modeling > View as Roles in Power BI to test the security settings.

    • You can enter different user names to see how the report changes based on the RLS settings.

Hope this helps!

😁😁

 

Message 2 of 3
143 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All