Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
ashishg
Advocate I
Advocate I

how to setup RLS for multiple AD group based on country

‎07-12-2024 05:48 AM

I have two tables , Table1 and Table2, Table1 is connected to all other table and my Table2 is user ad group table. and relationship between Table1 to Table2 is one-to-many. so one country person can not see other country data.
Note: my all user present in AD groups only..

RLS Role :
[email] = userprincipalname()

and I have added all the AD group in securty at dataset level. 
its not working properly

 

ashishg_0-1720788178599.png


could anyone please help me how to set up RLS for this ?

Labels:
Message 1 of 4
509 Views
0
1 ACCEPTED SOLUTION
audreygerred
Super User
Super User
In response to ashishg

‎07-15-2024 06:40 AM

Hi! You have to have each individual's email address listed in your model with what country they are associated with. To assign the access in service once you publish the model you can use the AD group, but the model itself has to have everyone's individual email ID since that is what they login with.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



View solution in original post

Message 4 of 4
397 Views
0
3 REPLIES 3
audreygerred
Super User
Super User

‎07-12-2024 06:27 AM

Hi! You can assign AD groups to the roles in Service, but when you set up the RLS in desktop you need to use people's actual e-mail. When everyone logs in they are using their e-mail and that is what Power BI is looking to check against for RLS. So, you would create a list with all of the emails and the country they have access to, then when they login they will see that data. Here is a great article from RADACAD.

Dynamic Row Level Security with Power BI Made Simple - RADACAD





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 2 of 4
473 Views
0
ashishg
Advocate I
Advocate I
In response to audreygerred

‎07-12-2024 06:44 AM

Hi @audreygerred 
Thank you for the resposnse

Is there any way I can create a table for where I nominate each AD group to country and when user will log in it will take directly RLS to that specific country only

Message 3 of 4
451 Views
0
audreygerred
Super User
Super User
In response to ashishg

‎07-15-2024 06:40 AM

Hi! You have to have each individual's email address listed in your model with what country they are associated with. To assign the access in service once you publish the model you can use the AD group, but the model itself has to have everyone's individual email ID since that is what they login with.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 4 of 4
398 Views
0

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All