Hi all,
I'm trying to incorporate some row level security into my reports.
I'm doing this by adding some DAX filtering into my dimension tables.
The first table I have is a restrictions table, which gathers all restrictions set by the organization. If the table is empty, the User has full access to the data. If there exists a row in the table, the User can only see the data in that row.
Restriction table:
| Restriction Id | User Id | Team Id |
| 34 | 100 | 1 |
| 35 | 101 | 2 |
Example:
| Staff List |
| User Id | Name | Team Id |
| 100 | John Smith | 1 |
| 101 | Jane Doe | 2 |
| 102 | Sarah Stephens | 3 |
| 103 | Daniel Smith | 1 |
User Id 100 can only see data for Team Id = 1, meaning when John Smith views the Staff List, he will only be able to see data for John Smith and Daniel Smith, also in Team Id=1.
When Jane Doe views the data, she will only be able to see data for herself as she has a restriction to only view Team Id =2.
(REQUEST) When Sarah Stephens views the data, she will be able to see everything as no restriction exists against her in the Restrictions table.
The restriction table gets filtered when the user views the report:
> IF('Restriction'[User Id]=VALUE(USERNAME()),TRUE(),FALSE)
(Intentionally using Username over UsernamePrincipal here, then converting to value as its an integer).
The plan is to then evaluate my Staff list table in the dax filtering, something like
- If Restrictions table is empty, show everything, else apply the restrictions.
The problem I seem to be having is I am struggling to find a way to evaluate the Restrictions table for it to be empty. Most functions appear to not be compatible with RLS.
I've played around with using MIN/MAX functions but they didn't work out for me.
Thanks in advance.
