Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join us at FabCon Atlanta from March 16 - 20, 2026, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM. Register now.

Reply
Anonymous
Not applicable

row level security not working in app/web

‎09-05-2017 01:49 AM

Hi,

 

I have added a very simple row level security filter to one of my reports:

 

IF(userprincipalname()="user123@company.com",[Email]<>"xyz",[Email]= userprincipalname())

This is working fine in the desktop app. The User123 can see all the rows as there is no Email "xyz". All other users only see rows where their userprincipalname equals the Email field in the table. This filter works fine only in the desktop app.

 

When looking at the report using the webservice or the mobile app all rows are visible to all user - the filter seems not to be working. Any idea what I might be doing wrong?

Thanks!

chris

Labels:
Message 1 of 6
6,878 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎09-05-2017 08:06 PM

@Anonymous,

Based on your description, you want to achieve the requirement that user123 can see all rows but other users can only see their respective rows.

In your scenario, you can create two roles in Power BI Desktop,  one for user123 without any filter applied which is called Admin, and another role for other users with filter by UserName(). There is an example for your reference, in the second screeshot, replace the DAX with “[Email] = UserName()”.
1.png2.png


After you publish the report to Power BI Service,  go to Dataset->Security, add email address of user123 under Admin role, add email addresses of other users under OtherUser role. When adding members to the role in Power BI service, you can type in the email address, or name, of the user, security group or distribution list you want to add. For more details, please review this article: https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/ .

 

Regards,
Lydia

View solution in original post

Message 3 of 6
7,955 Views
5 REPLIES 5
apo1979
Frequent Visitor

‎06-11-2020 12:41 PM

The Row-level security (RLS) rule with Power BI only worked in my case when in Workspace I define that users have only Viewer access.

Message 6 of 6
3,686 Views
0
Anonymous
Not applicable

‎09-05-2017 08:06 PM

@Anonymous,

Based on your description, you want to achieve the requirement that user123 can see all rows but other users can only see their respective rows.

In your scenario, you can create two roles in Power BI Desktop,  one for user123 without any filter applied which is called Admin, and another role for other users with filter by UserName(). There is an example for your reference, in the second screeshot, replace the DAX with “[Email] = UserName()”.
1.png2.png


After you publish the report to Power BI Service,  go to Dataset->Security, add email address of user123 under Admin role, add email addresses of other users under OtherUser role. When adding members to the role in Power BI service, you can type in the email address, or name, of the user, security group or distribution list you want to add. For more details, please review this article: https://powerbi.microsoft.com/en-us/documentation/powerbi-admin-rls/ .

 

Regards,
Lydia

Message 3 of 6
7,956 Views
Anonymous
Not applicable
In response to Anonymous

‎09-06-2017 08:57 AM

Hi Lydia,

 

thanks for your reply!

 

What you are describing is exactly what I am trying to achieve.

 

The only problem I still have is the last step you mentioned: "(...) add email addresses of other users under OtherUser role. (...)"

 

In my case I would have to add 200+ email addresses (if this little prove-of-concept I am trying to deliver is working as required).

Those 200+ users are also changing quite regularly. So my goal would be to have this filter enabled for ALL users as default filter.

 

Is there any possibility to add such a default filter for each and every user?

Thanks!

chris

 

 

Message 4 of 6
6,839 Views
0
Anonymous
Not applicable
In response to Anonymous

‎09-07-2017 02:08 AM

@Anonymous,

I am not very clear about the filter you refer to. If you mean that create a role in Power BI Desktop, after you publish the report to Power BI Service, you still need to add users as members to  the role in Power BI Service in order for RLS to work.

And you can add users in a security group or distribution list , this way, you don't need to type 200 email addresses to the role, just type security group or distribution list instead. Once you change users, you can just remove users or add users in the security group or distribution list .



Regards,
Lydia

Message 5 of 6
6,817 Views
0
Anonymous
Not applicable

‎09-05-2017 06:21 AM

I did some research and found that one probably has to activate Row Level Security in the respective Dataset in the PowerBI Service. There it is possible add Users or Groups to a Role. Is that correct? 

 

However I would like the filter that I created in the Desktop app to apply to every single User! Is there a way achieve that without having to add every single user to that role?

Message 2 of 6
6,855 Views
0

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All