Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling all Data Engineers! Fabric Data Engineer (Exam DP-700) live sessions are back! Starting October 16th. Sign up.

Reply
milankRaj
Advocate I
Advocate I

Dynamic Row Level Security - Single Role for all the User

‎03-12-2019 07:34 AM

Hi ,

 

We have two tables : One is a userrole table and another is Summary table. I want to implement dynamic RLS in this report with the following condition - If a Area level user  login to the report with his login, he should be able to see all the data corresponding to that Area. Similarly for Region and country users. How can we implement this using single dynamic role?

SummarySummaryuserrolesuserroles

Labels:
Message 1 of 4
5,533 Views
1 ACCEPTED SOLUTION
nandukrishnavs
Community Champion
Community Champion

‎03-12-2019 11:21 PM

Hi Milan,

 

1. create a calculated column called Role in userroles table.

 

 

Role = 
VAR areaname = userroles[Area]
VAR regionname = userroles[Region]
VAR countryname = userroles[Country]
VAR result =
    IF (
        countryname <> BLANK (),
        "Country",
        IF ( regionname <> BLANK (), "Region", IF ( areaname <> BLANK (), "Area", "" ) )
    )
RETURN
    result

2. Create a Role called AllRoles in Manage Roles window.

 

Apply the below DAX filter in the summary table.

 

VAR role =
CALCULATE (
    SELECTEDVALUE ( userroles[Role] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


VAR a =
CALCULATE (
    SELECTEDVALUE ( userroles[Area] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


VAR r =
CALCULATE (
    SELECTEDVALUE ( userroles[Region] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


VAR c =
CALCULATE (
    SELECTEDVALUE ( userroles[Country] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


RETURN (
IF(role="Area",[AccountHdqArea]= a,
   IF(role="Region",[AccountHdqRegion] = r,
       IF(role="Country",[AccountHdqCountryName] = c)
      )
   )
)

Apply the below DAX filter in the userroles table.

 

[Username] =USERPRINCIPALNAME()

 

Now you can map all the users in AllRoles in the Power BI service.

 

Try out this solution and let me know if it is working for you.


Regards,
Nandu Krishna

View solution in original post

Message 2 of 4
5,521 Views
3 REPLIES 3
nandukrishnavs
Community Champion
Community Champion

‎03-12-2019 11:21 PM

Hi Milan,

 

1. create a calculated column called Role in userroles table.

 

 

Role = 
VAR areaname = userroles[Area]
VAR regionname = userroles[Region]
VAR countryname = userroles[Country]
VAR result =
    IF (
        countryname <> BLANK (),
        "Country",
        IF ( regionname <> BLANK (), "Region", IF ( areaname <> BLANK (), "Area", "" ) )
    )
RETURN
    result

2. Create a Role called AllRoles in Manage Roles window.

 

Apply the below DAX filter in the summary table.

 

VAR role =
CALCULATE (
    SELECTEDVALUE ( userroles[Role] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


VAR a =
CALCULATE (
    SELECTEDVALUE ( userroles[Area] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


VAR r =
CALCULATE (
    SELECTEDVALUE ( userroles[Region] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


VAR c =
CALCULATE (
    SELECTEDVALUE ( userroles[Country] ),
    userroles[Username] = USERPRINCIPALNAME ()
)


RETURN (
IF(role="Area",[AccountHdqArea]= a,
   IF(role="Region",[AccountHdqRegion] = r,
       IF(role="Country",[AccountHdqCountryName] = c)
      )
   )
)

Apply the below DAX filter in the userroles table.

 

[Username] =USERPRINCIPALNAME()

 

Now you can map all the users in AllRoles in the Power BI service.

 

Try out this solution and let me know if it is working for you.


Regards,
Nandu Krishna

Message 2 of 4
5,522 Views
SimonGotte
Regular Visitor
In response to nandukrishnavs

‎12-04-2019 06:33 AM

Thank you for a good solution @nandukrishnavs 

 

I have tried to use this in my RLS-setup and have run into a problem. In my company, a user can have access to several different countries not in the same area. I have approached this by having new lines for each country.

 

When I try to use your approach I run into the problem that SELECTEDVALUE will only accept a single value, or return a blank.

 

Do you have any suggestions for when there is a possibility of an array of countries, that does not qualify as an area, that need to be accessed through the RLS?

 

Many thanks

Simon

Message 3 of 4
3,976 Views
0
nandukrishnavs
Community Champion
Community Champion
In response to SimonGotte

‎12-04-2019 07:47 PM

@SimonGotte  - You can try VALUES () 

 

PLease refer below code sample. 

 

//getting the admin list

VAR adminUser = values(Admin[Admin])

//if the loged in user is available in admin list, no filter condition is applying

VAR result = 
IF ( USERPRINCIPALNAME() IN adminUser,TRUE(),
       [Counselor Email Address] = USERPRINCIPALNAME() 
)

RETURN result

 

Regards,

Nandu Krishna


Regards,
Nandu Krishna

Message 4 of 4
3,957 Views

Helpful resources

Announcements
FabCon Global Hackathon Carousel

FabCon Global Hackathon

Join the Fabric FabCon Global Hackathon—running virtually through Nov 3. Open to all skill levels. $10,000 in prizes!

September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All