RLS external user userprincipalname

Anonymous · ‎03-23-2022

Hi

I have a report that needs to be shared with external users and they can only see their own data. So I have set up a RLS with userprinciplename(). The filtering goes through company and emails that belong to that company, stored in excelfile so it can be updated when there is a new company or user is coming in.

Which emailaddress should I use for in the excelfile, the normal emailaddress or the emailaddress with prefx #EXT# that can be found in the service under security - add or give permission to app, --> basically the emailaddress that is known in admin?!

Tutu_in_YYC · ‎03-23-2022

Hi Coan7,

I can confirm that USERPRINCIPALNAME will identify the normal email of that external user. The normal email (not the EXT) definitely can be used for RLS.

View solution in original post

Tutu_in_YYC · ‎03-24-2022

That is good to know! Thanks for sharing.

Tutu_in_YYC · ‎03-23-2022

Hi Coan7,

I can confirm that USERPRINCIPALNAME will identify the normal email of that external user. The normal email (not the EXT) definitely can be used for RLS.

Anonymous · ‎03-24-2022

Ok, tnx! I noticed that for testing role you need to use the #EXT# one. So basically its not possible to test rls on external emailaddres unless you add the #EXT to the emaillist as well.

VolueHelge · ‎11-01-2022

Thank you for mentioning this. Have been struggling to test my security (view as -> entering external user) for a while now!

RLS external user userprincipalname

RLS external user userprincipalname

Helpful resources

Power BI Monthly Update - March 2025

Fabric Community Update - March 2025

RLS for external B2C users

RLS for External guest users

RLS and UserPrincipalName()

Dynamic RLS with User

RLS Dynamic with Multiple Users