Showing results for 
Search instead for 
Did you mean: 

Fabric is Generally Available. Browse Fabric Presentations. Work towards your Fabric certification with the Cloud Skills Challenge.

Responsive Resident
Responsive Resident

Row security level of D365 (both CE and F&O) in the data lake export.

Hi !

I wondered if someone found a way to retrieve the Row security level of D365 (both CE and F&O) in the data lake export. 

I don't see how to manage that. 

security in D365 CE (aka dataverse) is pretty complex. Any record belong to one user, one Business unit and one Team. moreover it can be shared with other users. That specific security seems to be lost after the export to datalake.
how can I be sure to get this security in my powerbi reports ?
Finops seems a little bit easier as thez security is based on the legal entity the user belong to. 
Any welp would be greatly appreciated.

ps) I can get the Business unit and the teams and then, build a RLS filter with the userprincipalname() , still it does not imply the sharing of the reccords. 

pps) I tried to left join a direct query on the Dataverse with a Direct query on the Datalake (via Synapse serverless sql) the first one would bring the security. and the left join would export that security to the DL, but it is not allowed by Direct Query.

Responsive Resident
Responsive Resident

Retrieving row-level security from D365 (CE and F&O) in a data lake export can be a challenging task as it involves complex security structures. While it is possible to retrieve the Business unit and Teams, which can be used to build a RLS filter, this approach does not account for sharing of records among users.

One possible solution for D365 CE is to use the Audit Logs to track changes to sharing records and build a mapping table that can be joined with the exported data. However, this approach can be resource-intensive and may not provide real-time data.

For D365 F&O, the security is based on the legal entity the user belongs to, which can be easier to manage. In this case, it is recommended to ensure that the correct legal entities are included in the data lake export, which can be used to filter data in Power BI reports using RLS.

Overall, retrieving row-level security from D365 in a data lake export requires careful consideration of the security structure and the available data sources. It may require a combination of approaches to accurately capture the security information required for reporting purposes.

Responsive Resident
Responsive Resident

@Adamboer , thanks for your answer. that's my major point. then how do people build their reporting on Dataverse data ? this puzzles me. 

Community Support
Community Support

Hi @fsim ,


As for how to get this security in your Power BI reports, you can try to use the RLS feature in Power BI Desktop to restrict data access for given users. You can define filters within roles, and rules defined within roles restrict data at the row level.

More details:

Row-level security (RLS) with Power BI - Power BI | Microsoft Learn


Best Regards,

Stephen Tao


If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.           

@v-stephen-msft , hi !
Sorry but this is not the issue. I can set up a RLS, but first I need to knwo what filters to apply ! that's my major point !


Helpful resources

PBI November 2023 Update Carousel

Power BI Monthly Update - November 2023

Check out the November 2023 Power BI update to learn about new features.

Community News

Fabric Community News unified experience

Read the latest Fabric Community announcements, including updates on Power BI, Synapse, Data Factory and Data Activator.

Power BI Fabric Summit Carousel

The largest Power BI and Fabric virtual conference

130+ sessions, 130+ speakers, Product managers, MVPs, and experts. All about Power BI and Fabric. Attend online or watch the recordings.

Top Solution Authors