@Anonymous
With my test, I cannot reproduce that issue, both copy paste email and select from list works.
The other possibility is if you and your colleagues are not in the same domain and tenant, simply enter the emails will not work with RLS for those external guest users. You can only add them to role and test with the role instead of the individual user.
Paul Zheng _ Community Support Team
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
@Anonymous - If they are Viewer only to the workspace, RLS should apply. You will need to test as that user specifically though.
@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)
DAX is easy, CALCULATE makes DAX hard...
Hi
This is interesting. It seems when I test this in Desktop as "other user" I replicate the issue I see on PowerBI service. Therefore perhaps i have not configured this correctly?
This is my Manage roles screen
(excuse the censorship of sensitive tables!)
If i click "view as roles" and select pension, I get the correct result in Desktop. However if I click view as roles, other, and copy paste that users email address - exactly as it is written in the "manage roles" screen, i get the wrong result.
Can anyone spot anything obvious I have done wrong? My tables are set up as follows:
@Anonymous
With my test, I cannot reproduce that issue, both copy paste email and select from list works.
The other possibility is if you and your colleagues are not in the same domain and tenant, simply enter the emails will not work with RLS for those external guest users. You can only add them to role and test with the role instead of the individual user.
Paul Zheng _ Community Support Team
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
@Anonymous
Looking at your model, it does not appear that your RLS filter will pass through the UserGroup table, despite having a bidirectional filter setup.
I built a similar table in Power BI to demonstrate:
Here i'm filtering the Users table and trying to get that RLS rule from "Users" to "Teams".
I'll select view as and type my target email in the "Other User" box.
Once RLS is 'applied' you can enter to "table view" to see how your model is filtered by the rule.
My users table and userGroups table are filtered as expected:
But my teams table is not:
This is at the heart of what is going wrong in your situation.
You would expect to only see two teams filtered in the Teams table - but all 4 are showing, indicating that it is not being filtered by the RLS (despite the two way filter).
If you are going for dynamic RLS (which it looks like you are), then it's best practice to also use "Username() or Userprincipalname() in your RLS DAX (as I show above). Type the email in the view as role popup, rather than in the DAX rule area itself.
Check out this video for one possible solution to this problem.
https://www.youtube.com/watch?time_continue=1&v=Sge_g9hTXWE&feature=emb_logo
There are other ways around this problem, but this should get you started.
Helpful resources
Power BI Monthly Update - April 2024
Check out the April 2024 Power BI update to learn about new features.
Fabric Community Update - April 2024
Find out what's new and trending in the Fabric Community.
