Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI DataViz World Championships are on! With four chances to enter, you could win a spot in the LIVE Grand Finale in Las Vegas. Show off your skills.

Reply
Anonymous
Not applicable

Way to Query Users Security Role

‎04-11-2022 05:50 PM

Hello,

 

Is there a way to query users' security roles through which they're viewing reports in the service?

 

Basically, if I create a security role for RLS or OLS--"TestSecRole"--and assign a user to that role in the service, I know that I could get the user's username through USERPRINCIPALNAME(), but could I also see that the user is viewing through/belongs to TestSecRole?

 

Thanks,

Labels:
Message 1 of 4
1,760 Views
0
1 ACCEPTED SOLUTION
OwenAuger
Super User
Super User

‎04-11-2022 11:01 PM

Hi @Anonymous 

Are you looking for a way to query current user's role(s) in a way that can be accessed in the report itself, e.g. returned by a measure?

 

I'm not aware of a built-in function that can do this, however, you could set up a table containing the names of the roles, and define a RLS filter on that table within each role, filtered to the value corresponding to that Role.

 

To take a simple example, if you had 4 roles, "North", "South", "East", "West", then you create a table Roles with column Role:

OwenAuger_1-1649742956727.png

Then for each Role, define a RLS table filter on the Roles table, filtered to the value with the name of the current role, e.g. for North role, filter Roles using the expression Roles[Role] = "North":

OwenAuger_2-1649743038992.png

Then when the user accesses a report connected to this dataset, the visible rows of the Roles table will correspond to that user's roles.

 

A user who is in both North & South would see those two values in the Roles table (since the user would see the union of all rows visible under each role that they are a member of).

 

You could create a measure such as this to return the current user's roles as a concatenated string:

 

Current User Roles = 
CONCATENATEX (
    Roles,
    Roles[Role],
    ",",
    Roles[Role]
)

 

 

For the North/South user, this measure would return "North, South".

 

Is this along the lines of what you were wanting to do?

 

Regards,

Owen


Owen Auger
Did I answer your question? Mark my post as a solution!
Blog
Twitter
LinkedIn

View solution in original post

Message 2 of 4
1,713 Views
3 REPLIES 3
OwenAuger
Super User
Super User

‎04-14-2022 01:44 AM

Glad that was useful 🙂

That sounds like a great application, and you could certainly have a measure that determines the destination page based on visible rows of a Role table.


Owen Auger
Did I answer your question? Mark my post as a solution!
Blog
Twitter
LinkedIn
Message 4 of 4
1,692 Views
0
OwenAuger
Super User
Super User

‎04-11-2022 11:01 PM

Hi @Anonymous 

Are you looking for a way to query current user's role(s) in a way that can be accessed in the report itself, e.g. returned by a measure?

 

I'm not aware of a built-in function that can do this, however, you could set up a table containing the names of the roles, and define a RLS filter on that table within each role, filtered to the value corresponding to that Role.

 

To take a simple example, if you had 4 roles, "North", "South", "East", "West", then you create a table Roles with column Role:

OwenAuger_1-1649742956727.png

Then for each Role, define a RLS table filter on the Roles table, filtered to the value with the name of the current role, e.g. for North role, filter Roles using the expression Roles[Role] = "North":

OwenAuger_2-1649743038992.png

Then when the user accesses a report connected to this dataset, the visible rows of the Roles table will correspond to that user's roles.

 

A user who is in both North & South would see those two values in the Roles table (since the user would see the union of all rows visible under each role that they are a member of).

 

You could create a measure such as this to return the current user's roles as a concatenated string:

 

Current User Roles = 
CONCATENATEX (
    Roles,
    Roles[Role],
    ",",
    Roles[Role]
)

 

 

For the North/South user, this measure would return "North, South".

 

Is this along the lines of what you were wanting to do?

 

Regards,

Owen


Owen Auger
Did I answer your question? Mark my post as a solution!
Blog
Twitter
LinkedIn
Message 2 of 4
1,714 Views
Anonymous
Not applicable
In response to OwenAuger

‎04-13-2022 06:37 AM

Thanks, @OwenAuger, this is clever.

 

Basically, the reason I'd want to do this is to use it with conditional navigation and object-level security. A home-page on a report with an "Enter" button could direct users to a page corresponding to their security role and OLS settings. This would prevent the user from seing a bunch of broken visuals depending on their security role.

Message 3 of 4
1,696 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

FebPBI_Carousel

Power BI Monthly Update - February 2025

Check out the February 2025 Power BI update to learn about new features.

Feb2025 NL Carousel

Fabric Community Update - February 2025

Find out what's new and trending in the Fabric community.

View All