Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

July 7 - July 17 | Round 2 of the Power BI Dataviz World Championships. Don't miss your chance! Learn more

Reply
Rnaval
Post Patron
Post Patron

User Access Control \ Rights \ Permissions Question

How do I control user access? I only want users to see their agency data, not another agency's data.

1 ACCEPTED SOLUTION

Hey @Rnaval,

RLS is enforced at the model level, and hence can't be restricted to specific pages in PBI. So once RLS is applied to a table, every page using it respect the same RLS filters. One approach is to use a separate table for that page and apply RLS only to this model. But depending on your use-case, there can be more work-arounds. Please share if you have a specific problem statement.

Best,

Harshit

View solution in original post

8 REPLIES 8
v-tejrama
Community Support
Community Support

Hi @Rnaval ,

 

Thank you @stoic-harsh  for the response provided!

Has your issue been resolved? If the response provided by the community member addressed your query, could you please confirm? It helps us ensure that the solutions provided are effective and beneficial for everyone.

Thank you.

I think so but let me confirm tomorrow

Hi @Rnaval ,

 

Thanks for your reply. Please take your time and confirm.
Feel free to contact us if you have any further questions.

Thank you.

stoic-harsh
Super User
Super User

Hey @Rnaval,

First, ensure your dataset contains user emails to map each user to their respective department. If not, create a mapping table (UserEmail vs Department) and relate it to your main data.

 

Setting up RLS in PBI Desktop:

Go to Modeling > Manage Roles (under security) > Create a role (say, Dept Filter) and apply this DAX filter:

// DAX
// USERPRINCIPALNAME() returns the logged-in user's email LOWER([UserEmail]) == LOWER(USERPRINCIPALNAME())

To test, go to Modeling > View As (next to Manage Roles) > select above role + Other User and enter a test email.

After Publishing, go to Semantic Model > ... > Security > Assign users to the role. Prefer AAD Security Groups over individual emails (much more scalable this way), or you can add individual users.

 

Scenarios:

  • Users with Contributor or higher workspace permissions bypass RLS entirely.
  • RLS only enforces for Viewers, or users, the report is directly shared with.
  • Users not added to Security will hit an "Access Denied" error instead of seeing filtered data.

Hope it helps! Please do share if you find more efficient approaches.

Best,

Harshit

Thanks, so how do you assign which pages specific users can access?

Hey @Rnaval,

RLS is enforced at the model level, and hence can't be restricted to specific pages in PBI. So once RLS is applied to a table, every page using it respect the same RLS filters. One approach is to use a separate table for that page and apply RLS only to this model. But depending on your use-case, there can be more work-arounds. Please share if you have a specific problem statement.

Best,

Harshit

Thank you, it worked well,

Bipin-Lala
Solution Sage
Solution Sage

Hi @Rnaval ,

 

Can you please elaborate on your question, the community would be able to answer better.

 

Thanks!




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!


Regards,

Bipin Lala | Business Intelligence Developer



Helpful resources

Announcements
FabCon and SQLCon Barcelona 2026

FabCon & SQLCon – Barcelona 2026

Join us in Barcelona for FabCon and SQLCon, the Fabric, Power BI, SQL, and AI community event. Save €200 with code FABCMTY200.

60 days of Data Days Carousel

Data Days 2026

Join Fabric Data Days 2026: 60 days of free live/on-demand sessions, challenges, study groups, and certification opportunities.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.