Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join the FabCon + SQLCon recap series. Up next: Power BI, Real-Time Intelligence, IQ and AI, and Data Factory take center stage. All sessions are available on-demand after the live show. Register now

Reply
Shahami
New Member

Power BI RLS

‎04-16-2026 01:35 PM

I’m running into an RLS behavior difference between Power BI Desktop and Power BI Service (Fabric) and would appreciate guidance on the recommended/long‑term approach.

Scenario

I have an RLS rule that needs to support:

  • COINS users (tracked in a dim_system_user table via email/UPN)
  • Non‑COINS users, where access is determined by a BUID embedded in the username (e.g. XYZ123 → BUID = 123), which is then mapped to companies via a BUID table
    In Power BI Desktop, USERNAME() returns values like:  EFS/XYZ123

  • This allowed me to extract the BUID (123) and apply company‑level security successfully.

    However, in Power BI Service / Fabric, USERNAME() instead returns the UPN

    This causes the existing parsing logic to fail, even though the report works as expected in Desktop.
     
    My Quistions:- 
     
    • Is extracting identifiers (like BUID) from the UPN considered an acceptable pattern, or should this logic be moved entirely into a user‑to‑company mapping table?
    • Are there any recommended Microsoft patterns for supporting “non‑system users” in RLS when the only identifier comes from the username?
    • Is there any supported way to normalize Desktop and Service behavior, or should Desktop always be treated as a testing-only environment?

    Goal

    I want a Fabric‑safe, future‑proof RLS approach that:

    • Works consistently in Power BI Service
    • Supports both COINS and non‑COINS users
    • Avoids fragile username parsing if possible

    Appreciate any best‑practice guidance or design recommendations.

Labels:
Message 1 of 9
467 Views
2 ACCEPTED SOLUTIONS
Gabry
Super User
Super User

‎04-16-2026 01:42 PM

Hello,

To my knowledge, there is no way to get the "simple" username in the service; the USERNAME and USERPRINCIPALNAME functions return the same value. In my opinion, using an extraction rule isn't the best approach. You should instead build a mapping table (UPN - Company) and use it with RLS. You can still use your extraction rule to generate this table if no better source is available.

 

View solution in original post

Message 2 of 9
459 Views
grazitti_sapna
Super User
Super User

‎04-16-2026 11:03 PM

Hi @Shahami,

 

Username() in desktop andUsername() in service have different outputs (DOMAIN\Alias and user@company.com respectively)

 

You can use userprinciplename() in Desktop as well to match the service output and then extract buid from it.

 

Better solution would be you create a separate master table with username, buid and cmpany like below

 

| UserKey (UPN)                                 | BUID | Company |
| --------------------------------------------- | ---- | ------- |
| [user1@company.com](mailto:user1@company.com) | 123  | A       |
| [user2@company.com](mailto:user2@company.com) | 456  | B       |
| [user3@company.com](mailto:user3@company.com) | NULL | C       |

 

Then you can use userprincipalname() in Desktop and then map and apply the RLS.

let me know if you have any further questions.

 

🌟 I hope this solution helps you unlock your Power BI potential! If you found it helpful, click 'Mark as Solution' to guide others toward the answers they need.
💡 Love the effort? Drop the kudos! Your appreciation fuels community spirit and innovation.
🎖 As a proud SuperUser and Microsoft Partner, we’re here to empower your data journey and the Power BI Community at large.
🔗 Curious to explore more? [Discover here].
Let’s keep building smarter solutions together!

View solution in original post

Message 5 of 9
392 Views
8 REPLIES 8
v-moharafi-msft
Community Support
Community Support

Thursday

Hi @Shahami ,

 

Could you please confirm if the issue has been resolved? If not, feel free to reach out if you have any further questions.

Your update would be helpful for other members who may face a similar issue.

 

Best Regards,

Abdul Rafi

Message 9 of 9
132 Views
0
v-moharafi-msft
Community Support
Community Support

‎04-21-2026 02:11 AM

Hi @Shahami  ,


Thank you for reaching out to Microsoft Fabric Community and Thanks to @cengizhanarslan  , @Gabry  and @grazitti_sapna  for Sharing valuable insights.


Just wanted to check if you had the opportunity to review the information provided. Please feel free to contact us if you have any further questions. 

 

 Best Regards,

Abdul Rafi.

Message 8 of 9
197 Views
0
cengizhanarslan
Super User
Super User

‎04-17-2026 01:37 AM

The RLS rule is straightforward since USERPRINCIPALNAME() returns the current user's UPN in Power BI Service and you match it directly against your mapping table:

RLS Filter =
USERPRINCIPALNAME() = UserCompanyMap[UPN]

 

Place this on the UserCompanyMap table in your role definition. For both COINS and non-COINS users, ensure their UPN exists in UserCompanyMap with the correct company mapping populated at the data layer during refresh.

_________________________________________________________
If this helped, ✓ Mark as Solution | Kudos appreciated
Connect on LinkedIn | Follow on Medium
AI-assisted tools are used solely for wording support. All conclusions are independently reviewed.
Message 7 of 9
382 Views
grazitti_sapna
Super User
Super User

‎04-16-2026 11:03 PM

Hi @Shahami,

 

Username() in desktop andUsername() in service have different outputs (DOMAIN\Alias and user@company.com respectively)

 

You can use userprinciplename() in Desktop as well to match the service output and then extract buid from it.

 

Better solution would be you create a separate master table with username, buid and cmpany like below

 

| UserKey (UPN)                                 | BUID | Company |
| --------------------------------------------- | ---- | ------- |
| [user1@company.com](mailto:user1@company.com) | 123  | A       |
| [user2@company.com](mailto:user2@company.com) | 456  | B       |
| [user3@company.com](mailto:user3@company.com) | NULL | C       |

 

Then you can use userprincipalname() in Desktop and then map and apply the RLS.

let me know if you have any further questions.

 

🌟 I hope this solution helps you unlock your Power BI potential! If you found it helpful, click 'Mark as Solution' to guide others toward the answers they need.
💡 Love the effort? Drop the kudos! Your appreciation fuels community spirit and innovation.
🎖 As a proud SuperUser and Microsoft Partner, we’re here to empower your data journey and the Power BI Community at large.
🔗 Curious to explore more? [Discover here].
Let’s keep building smarter solutions together!

Message 5 of 9
393 Views
Shahami
New Member
In response to grazitti_sapna

‎04-17-2026 05:31 AM

Thank you. My first thought was also to create a table with UPN, company, BUID etc. Thank you. 

Message 6 of 9
359 Views
0
Gabry
Super User
Super User

‎04-16-2026 01:42 PM

Hello,

To my knowledge, there is no way to get the "simple" username in the service; the USERNAME and USERPRINCIPALNAME functions return the same value. In my opinion, using an extraction rule isn't the best approach. You should instead build a mapping table (UPN - Company) and use it with RLS. You can still use your extraction rule to generate this table if no better source is available.

 

Message 2 of 9
460 Views
Shahami
New Member
In response to Gabry

‎04-17-2026 05:29 AM

Thank you. I thought the same to create mapping table with UPN- Company.

Message 3 of 9
359 Views
grazitti_sapna
Super User
Super User
In response to Shahami

‎04-17-2026 05:35 AM

Hi @Shahami,

 

Kindly mark as solution it i was able to answer the query

Message 4 of 9
349 Views
0

Helpful resources

Announcements
April Power BI Update Carousel

Power BI Monthly Update - April 2026

Check out the April 2026 Power BI update to learn about new features.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

FabCon and SQLCon Highlights Carousel

FabCon &SQLCon Highlights

Experience the highlights from FabCon & SQLCon, available live and on-demand starting April 14th.

View All