Reply
avatar user
Anonymous
Not applicable

RLS external user userprincipalname

Hi 

I have a report that needs to be shared with external users and they can only see their own data. So I have set up a RLS with userprinciplename(). The filtering goes through company and emails that belong to that company, stored in excelfile so it can be updated when there is a new company or user is coming in.

 

Which emailaddress should I use for in the excelfile, the normal emailaddress or the emailaddress with prefx #EXT# that can be found in the service under security - add or give permission to app, --> basically the emailaddress that is known in admin?!

 

 

1 ACCEPTED SOLUTION
Tutu_in_YYC
Super User
Super User

Hi Coan7,

I can confirm that USERPRINCIPALNAME will identify the normal email of that external user. The normal email (not the EXT) definitely can be used for RLS. 

View solution in original post

4 REPLIES 4
Tutu_in_YYC
Super User
Super User

That is good to know! Thanks for sharing.

Tutu_in_YYC
Super User
Super User

Hi Coan7,

I can confirm that USERPRINCIPALNAME will identify the normal email of that external user. The normal email (not the EXT) definitely can be used for RLS. 

avatar user
Anonymous
Not applicable

Ok, tnx! I noticed that for testing role you need to use the #EXT# one. So basically its not possible to test rls on external emailaddres unless you add the #EXT to the emaillist as well.

Thank you for mentioning this. Have been struggling to test my security (view as -> entering external user) for a while now!

avatar user

Helpful resources

Announcements
March PBI video - carousel

Power BI Monthly Update - March 2025

Check out the March 2025 Power BI update to learn about new features.

March2025 Carousel

Fabric Community Update - March 2025

Find out what's new and trending in the Fabric community.

Top Solution Authors (Last Month)
Top Kudoed Authors (Last Month)