USECASE 1 Suppose we have a classic star schema, with dim product and dim region. requirement = we need to implement an RLS rule, users under this rule should only see "Bikes" category sold in "Europe" region which means an intersection-based RLS between dim product and dim region The common approach is to create 2 seperate static RLS with one, filtering "dim product" and the other filtering "dim region"
but in that case, those 2 RLS with be additive and we'll see , say some Bikes data saled on "US" region for example.
USECASE 2 : i've created 2 RLS RLS 1 = filtering a standalone table not related to the model RLS 2 = filtering a dimension table related to the model (star schema) both tables blong to the same dataset (no way to seperate them due to a specific requirement)
as a result of RLS additive behavior, and from the fact that those 2 tables are not related, applying both RLS at the same time, made the data fully accessible.
any workarounds except createing seperate parameterized datasets ?
The thing is, table in RLS1 will be used to assign our end userprincipalname() to a specific page name (has no business with data model), although, RLS2 is meant to filter our data model, finally i'll go with multi parameterized dataset, and leverage RLS1 only, I would suggest to disable RLS additive behavior on tables that are obviously not related.