Hello.. 

Yes we implemented Tabular model as suggested in this article. RLS works as expected when you publish and share reports with end users.

But it doesn't work when end user connects to Power BI Desktop and Tabular model on local machine. We don't see RLS applied for that user in Power BI Desktop. 

Hope this clears my question. 

Thanks!

Hi @mittalpatel130 

You need to test it in Power BI Service. It will render the correct USERNAME.

You can create 2 measures, 1 = USERNAME() the other one = USERPRINCIPALNAME()

Then publish to the service, the result should be different.

Leed -  We already tested on Power BI Service and it works perfectly fine.  Do you mean Tabular model RLS doesn't reflect in Power BI Desktop when User connects to it?

We are planning to rollout Tabular model as a solution and users will create report themselves in Power BI Desktop for their own department. It is necessary that they see their own data and not all departments' data.

Hi @mittalpatel130 

The service and desktop should show you the same result.

RLS does reflect in Power BI destkop, but if you open from desktop, the user instead being xxx@company.com they will be an AD user like US\xxx

Thats the reason you need to show up the 2 measures USERNAME() and USERPRINCIPALNAME() to see the difference between them then decide which one to use in SSAS TAB RLS.

Best,

Hi @leed 

I got it what you mean. 

Here is the screen print of my DAX filter and I don't think so I can add USERPRINCIPALNAME() here.

Hi @mittalpatel130 

Can you show me what do you have in your membership ?

Hi @leed  

Sure.

Hello Leed - 

Thank you for your response.

Can you please brief me on how to test with USERPRINCIPAL()? 

Thanks!

Hi @mittalpatel130 

The same way you did with USERNAME(), you just needed to replace the last one by USERPRINCIPALNAME().

On Power BI Service, unfortunately, if you pass by Live connection, you need to have a real user for the test, you cannot use RLS.

Best,

DA

Hello Leed,

I'm using simple Row level security with a filter condition on tables.. like Country = 'US' .. 

It is not a dynamic security. Still your comments apply to it? I'm little confused on where to add that USERPRINCIPALNAME()? On DAX filters or in members of the Role? 

Thank you very much for your response!

@mittalpatel130 

2 screenshots :

1/ where to add membership.

1/ 

2/ where to add USERPRINCIPALNAME()

@leed 

I see your screen shots. Which version of SSAS is that? I am using 2016 SSAS Tabular and dont see UserPrincipalName(). 

Do higher version of SSAS has this DAX function?

Thanks

Manoj

Hi @manalla 

This is a pretty basic DAX function, I think it's avaialable on all the version.

Whatever, below is the detail of my SSAS tabular server.

Best,

Hi @leed 

Thanks for you response.

Your version is 14.0.6.443 - This is 2017 SQL Build Version

My version is 13.0.5201.2 - This is 2016 SQL Build version.

But compatability is 1200 which is supported from 2016.

So i need to conclude that in 2016 SSAS Tabular, userprincipalname() DAX function doesnt work, like said in many other forums.

Thanks

Manoj

Thank you for letting me know! Appreciate it!