Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
selvaskm
Frequent Visitor

RLS - Limit users belongs only to that department

Hi Experts,

I have a users table in my dataset as below. (This table is disconnected)

selvaskm_0-1720107435639.png


I need to implement RLS, where users belongs only to the "HR" department must not see any data, whereas the rest of users have to see all the data in the report.

Summary:
User3 and User5  - Data restricted as whole
Remaining Users - Access to All data.

How can we create DAX under role to achieve this.
Pls advice

1 ACCEPTED SOLUTION
v-tangjie-msft
Community Support
Community Support

Hi @selvaskm ,

 

First of all, thanks @NaveenGandhi  for the quick reply. Allow me to provide additional insights:
You can use the following DAX:

 

COUNTROWS(FILTER('user_table',[username]==USERPRINCIPALNAME() && [department] <>"HR"))>0

 

vtangjiemsft_0-1720426668965.png

Then the result is as follows.

vtangjiemsft_1-1720426705897.pngvtangjiemsft_2-1720426743675.png

 

Best Regards,

Neeko Tang

If this post  helps, then please consider Accept it as the solution  to help the other members find it more quickly. 

View solution in original post

3 REPLIES 3
v-tangjie-msft
Community Support
Community Support

Hi @selvaskm ,

 

First of all, thanks @NaveenGandhi  for the quick reply. Allow me to provide additional insights:
You can use the following DAX:

 

COUNTROWS(FILTER('user_table',[username]==USERPRINCIPALNAME() && [department] <>"HR"))>0

 

vtangjiemsft_0-1720426668965.png

Then the result is as follows.

vtangjiemsft_1-1720426705897.pngvtangjiemsft_2-1720426743675.png

 

Best Regards,

Neeko Tang

If this post  helps, then please consider Accept it as the solution  to help the other members find it more quickly. 

selvaskm
Frequent Visitor

Hi @NaveenGandhi 
Thanks for reply.
In my dataset relationship is not there between user_table and fact_table.
As we need to see "Full data" or "No data" for certain users.

VAR loggeduser = MAXX(FILTER( UsersTable, UsersTable[username] = USERPRINCIPLENAME() ), UsersTable[Department])
RETURN
IF(loggeduser <> "HR", TRUE(), FALSE()
)

it gives expected results when as user is belongs to HR alone (1 record only in usertable),
but if a user have more departments then it will take maximum value.
In that case we may have incorrect access 


NaveenGandhi
Super User
Super User

Hi @selvaskm 

https://learn.microsoft.com/en-us/fabric/security/service-admin-row-level-security

You definetly need a relationship between the secuirty table and you main table. Once you have a relationship follow the above first 8 steps in "Define roles and rules in Power BI Desktop

" section. But in the 6th step use below DAX



NOT([department] = "HR")


Then follow the steps on "
Manage security on your model" section in the same article and add the emails of users except HR.

Test the RLS once setup.
 

 If this post helps, then please consider Accept it as the solution to help the others find it more quickly. Appreciate you kudos!!





Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.