Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Score big with last-minute savings on the final tickets to FabCon Vienna. Secure your discount

Reply
aaedla
Regular Visitor

Row level security setup based on the column values in SQL Table

‎10-29-2024 07:18 PM

Hi, 

 

I have sql tables as shown below. There is a relationship between tables.  Now I want to create power bi report with row level security.

 

Admins should be able to see all the data in all tables

Leader should be able to see only their data. If logged in user is leader for department 2 (Department name is IT), then only department 2 data should display in power bi.

 

If logged in user is neither admin, nor leader then no data should display.   

 

I tried to configure this based on below link but I didn't get expected results. Can anyone help me to implement this. Any help would be greatly appreciated.

 

Row Level Security 

 

Users Table  -  which is having Admin column Leader Column as shown below

IDNameFullNameCreated DateIsAdmin(boolean)IsLeader
1XXXXXXXXX,YYYY2024-10-29 15:40:45.2701NULL
2yyyyyyyyy, ZZZZ2024-10-20 15:40:45.27001
3ZZZTTTTLDJL 02
4PPPTTTT 1NULL
5OXYOXY 05
5TTWWW 0NULL

 

Membership - This shows details of users memberships

IDUserIDDeparmentsIDCreatedDateCreatedBy
1112024-10-29XXXX
2122024-10-29XXX
3132024-10-29XXX
4222024-10-29YYYYY
5252024-10-29YYYY
6342024-10-29YYY
751  
7352024-10-29YYY

 

Departments Names:

IDDepartment NameStatus(Active/Inactive)
1HRActive
2ITA
3OperationsA
4FinanceA
5LegalA
6AccountsA

 

Expenses Details:

IDDepartment IDBudgetExpensesRemaining
111000500500
2220001400600
331500700800
45450029001600
     

 

Message 1 of 4
443 Views
0
3 REPLIES 3
shafiz_p
Super User
Super User

‎10-30-2024 03:58 AM

Hi @aaedla  Please check the below example:

I have 3 tables. User, Department and Expense. I have only relationship between department and Expense table. User table is out of the relationship. 

Only Admin user from User table have can see all my reports and the tagged as leader will be able to see reports of assigned department.

 

My relationship:

shafiz_p_0-1730283501788.png

 

My unfiltered report :

shafiz_p_4-1730284851247.png

 

I have just 3 department and 4 user, 2 with Admin tag and 2 with Leader tag. See the user table:

shafiz_p_3-1730284825851.png

 

 

For admin, setup just role is admin. See images below:

shafiz_p_5-1730285008538.png

Check view as :

shafiz_p_6-1730285066842.png

 

 

For Leader write the below dax to filter:

shafiz_p_7-1730285127949.png

I have first filter user table based on Role which is Leader and then created a list of department ID crosponding to Leader tag, in my case {1,2} and checked [Department ID] of Expense table is in the list or not. If then it will filter.

Check view as:

shafiz_p_8-1730285270108.png

 

 

Now go to power bi and set up as @grazitti_sapna  mentioned and you are done. 

You need to adjust condition to filter user table based on UserName or Userprincipal name, for example :

IF (
    CALCULATE (
        COUNTROWS ( 'User' ),
        FILTER (
            'User',
            'User'[Email] = USERPRINCIPALNAME() &&
            'User'[Role] = "Leader"
        )
    ) > 0,
    [DepartmentID] IN 
    CALCULATETABLE (
        VALUES ( 'User'[DepartmentID] ),
        FILTER (
            'User',
            'User'[Role] = "Leader"
        )
    ),
    FALSE
)

 

Hope this helps!!

If this solved your problem, please accept it as a solution and a kudos!!

 

 

Best Regards,
Shahariar Hafiz

Message 4 of 4
351 Views
grazitti_sapna
Super User
Super User

‎10-30-2024 12:46 AM

Hi @aaedla ,

To implement row-level security (RLS) in Power BI based on the provided SQL table structure, you need to create roles and define DAX filters to control access. Here's a step-by-step approach:

  1. Create Roles in Power BI:
    • You will define two roles: Admin and Leader. Users who do not fit into either role will not be able to see any data.

  2. Set Up Relationships in Power BI:
    Ensure you have created the correct relationships between your tables in Power BI based on the IDs:

     

    • Users → Membership (on UserID)

    • Membership → Departments Names (on DepartmentsID)

    • Departments Names → Expenses Details (on Department ID)

  3. Define DAX Filters for Roles:
    For each role, we will define filters to restrict data visibility.

     

    • Admin Role DAX Filter:
      Admins should see all data, so no additional filtering is required for them. Just create a role named Admin and assign users who have the IsAdmin column set to True.

    • DAX Expression:  [IsAdmin] = TRUE()

    • Leader Role DAX Filter:
      Leaders should see only the data related to their departments. We need to filter the Expenses Details table based on the departments the leader has access to. You can create a DAX expression that checks the logged-in user's ID and matches it with the DepartmentsID they lead.

       

    • DAX Expression for the Leader role:                                                                                                               [IsLeader] = TRUE() &&
      USERPRINCIPALNAME() IN VALUES('Membership'[UserID])

    • Here’s a breakdown:

       

      • [IsLeader] = TRUE(): Checks if the user is marked as a leader.

      • USERPRINCIPALNAME(): This function returns the email or login name of the currently logged-in user.

      • VALUES('Membership'[UserID]): Ensures that the user belongs to the department based on the Membership table.

    • Alternatively, if the leader's assignment is tied to specific departments, use a relationship to filter the relevant departments directly based on USERPRINCIPALNAME().
  4. No Data for Other Users:
    Users who are neither Admins nor Leaders will not have any data visible because no roles are assigned to them.

  5. Assign Users to Roles:
    In Power BI Desktop:

     

    1. Go to the Modeling tab and select Manage roles.

    2. Create two roles: Admin and Leader.

    3. For the Admin role, apply the DAX filter [IsAdmin] = TRUE().

    4. For the Leader role, apply the DAX filter [IsLeader] = TRUE() && USERPRINCIPALNAME() IN VALUES('Membership'[UserID]).

    5. Publish the report to Power BI Service.
    6. In the Power BI Service, under the Security settings of your dataset, assign email addresses to the corresponding roles.

Example of Role-Based Visibility

  • Admin (IsAdmin = True): Can see all departments and their expenses.
  • Leader (IsLeader = True): Sees only departments they lead.
  • Other Users (No roles assigned): See no data.

Testing the Setup

  • You can test the setup in Power BI Desktop by going to Modeling > View as Role to simulate different roles.
    This configuration will ensure that admins see all data, leaders see their specific departments, and other users see no data.

If I have resolved your question, please consider marking my post as a solution🎉. Thank you!

Message 2 of 4
365 Views
0
aaedla
Regular Visitor
In response to grazitti_sapna

‎10-30-2024 05:29 AM

@grazitti_sapna 

 

Thank you for your comments.

here I need to diplay users table as welll. If logged in user is department A leader then I should display all users details associated to department A. If user is associated to department A and department B then report should display user for department a leader as well as department b leader.

I have updated user table with more rows  for your refeerence.

Here I am getting confused. Any suggestion would be greatly appreciated.

Message 3 of 4
346 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All