Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
shashanm
Frequent Visitor

Power BI RLS Complex Scenario

‎04-16-2023 12:39 AM

Hi, So I’m embedding a Power BI report in an application and I’m trying to implement RowLevelSecurity in Power BI to restrict access to data based on the User Permissions. 

 

Tables - 

  1. Order Level - The table on which the RLS needs to be applied. Each Order in this table has a BillTo, Shipper, Receiver & Fleet Code
  2. UserPermissions table - This table has permissions defined in the following way -

 

shashanm_0-1681630832876.png

 

 

OR I can still group by UserId & Group to get it in the following way (why? please read-on)

shashanm_6-1681630352993.png

 

A user can have access to one or more of these codes and these codes come from different groups. There is one catch though - 

  1. For a given group, the User should have access to Orders which have ALL (not ANY) of the codes matching. If a User has access to 2 BillTo Codes, 2 Shipper & 1 Receiver code from a dataset then my filter condition on OrderLevel would be - WHERE BillTo in (BillToCodes) AND Shipper in (ShipperCodes) AND Receiver in (ReceiverCodes)
  2. We do this on all groups the User has access to & finally do a UNION (NOT INTERSECTION) of the OrderList from each of these groups

 

A User can have access defined using 1 or n groups. The access can be defined based on any of these codes (A User can have access to only BillTo or only Shipper or only Receiver or a combination of BillTo, Shipper or BillTo, Receiver or Receiver, Shipper codes or all 3)

 

See the expected result below to know the logic in its entirety -

shashanm_7-1681630486528.png

I’m able to pass the UserId to Power BI in the embed token and filter the UserPermissions table based on the User login. 

My next steps would be to - 

  1. Identify the distinct groups a user has access to (each user can have 0 to n)
  2. Loop over these groups
  3. For each group, get the Codes (one or more types) the User has access to (user can have one or more types of codes)
  4. Identify Order Nos which have ALL of these codes matching & store them in a variable
  5. Add Order Nos from all the groups to this variable
  6. Use this variable to filter the OrderLevel table using the OrderNos from the above variable

I'm able to pass the User Id in the embed token & I already have an RLS in place with the help of a DAX query, but thtat's a very simplistic case. Any help on solving this is appreciated. Thanks in advance!!

 

Labels:
Message 1 of 2
1,260 Views
0
1 REPLY 1
GilbertQ
Super User
Super User

‎06-24-2024 03:14 PM

Hi @shashanm 

 

Could you look at dynamic RLS and see if that will work?

 

https://www.kasperonbi.com/power-bi-desktop-dynamic-security-cheat-sheet/





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 2
702 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All