Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

To celebrate FabCon Vienna, we are offering 50% off select exams. Ends October 3rd. Request your discount now.

Reply
radhk0405
Frequent Visitor

How to handle complex RLS requirements?

‎11-11-2024 01:08 PM

In Power BI, how do you handle exception scenarios for row-level security (RLS)?

For example: Cross department access

 

Do you create individual security groups for each unique combination of users, or do you use another approach to manage access?

Currently, some teams use a security table that maps users to roles and permissions, which is then joined with the main data table to enforce access rules dynamically. While we also use Azure AD groups, these are quite static, based on department or organizational hierarchy, and aren’t flexible enough to handle exceptions.

 

Is anyone following a different or more flexible approach for managing complex RLS requirements? If so, I'd appreciate any suggestions or insights on alternative methods.

Dynamic Row Level Security

Labels:
Message 1 of 3
388 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎11-15-2024 12:19 AM

Hi @radhk0405 ,

 

For finer data access, you can leverage user attributes, such as user names or email addresses, to dynamically filter data. For example, you can add a table containing user information to the data model and associate it with the main table. You can then use a DAX function such as USERPRINCIPALNAME() to obtain information about the current user and apply filters based on this information. For example, you can create a table with department and user's UPN and dynamically generate filters based on this information.

 

 

 

Best regards,

Mengmeng Li

Message 3 of 3
277 Views
0
GilbertQ
Super User
Super User

‎11-11-2024 02:14 PM

Hi @radhk0405 

 

If a particular user needs to be across departments, and you have got row level security on a per department access, simply add the user to both departments. Power bi RLS security uses a least privilege access, which means, if a user exists in two departments, they'll be able to take both data and leave the deparments.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 3
354 Views
0

Helpful resources

Announcements
September Power BI Update Carousel

Power BI Monthly Update - September 2025

Check out the September 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All