Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
Marco233
Frequent Visitor

RLS issue in the application

‎07-30-2024 03:37 AM

Hello everyone,

 

I have following issue to solve: I have an application based on the workspace that contains four reports, all based on one dataset. Additionally, the dataset has two RLS roles: 'Full Access' which means full access to the reports content and 'Project Manager' which means limited visibility for users.

 

I want to achieve the following effect:
Report 1: access for users added to AD groups based on the 'Project Manager' RLS
Report 2, 3 and 4: access for specific people (not AD group) based on the 'Full Access' RLS

 

What did I try to do? I removed the accesses on the workspace level and added four different 'Audience' tabs in the application for each report. It looks like this:
Report 1: adding AD groups to recipients
Report 2, 3 and 4: add specific people to recipients for each report

In the case of Report 1, everything looks good, but there is a problem in the case of reports 2, 3 and 4, because, as I mentioned above, all users should be able to see the full content of the reports ('Full Access' RLS), but unfortunately some people are assigned to 'Project Manager' RLS because this is what Report 1 requires.

 

Is there any solution so that for Reports 2,3 and 4 all users can see all content, regardless of RLS?

Message 1 of 8
630 Views
1 ACCEPTED SOLUTION
asadmd93
Advocate I
Advocate I
In response to Marco233

‎07-30-2024 08:39 AM

Then you can follow this approach:

Create Separate RLS Roles:
Project Manager Role: For conditional access.
Full Access Role: For full access.

DAX for Project Manager Role:
[Column1] = USERPRINCIPALNAME() ||

[Column2] = USERPRINCIPALNAME() ||

[Column3] = USERPRINCIPALNAME() ||

[Column4] = USERPRINCIPALNAME()

DAX for Full Access Role:TRUE()

Implementation Steps:

Create Roles in Power BI Desktop:
Go to "Modeling" -> "Manage Roles".
Create "Project Manager" role with the DAX filter for limited access.
Create "Full Access" role with TRUE() DAX filter.
Publish the Dataset: Publish the dataset to the Power BI service.
Assign Users to Roles in Power BI Service: Under "Security" for the dataset, assign users to the appropriate roles.
Configure Report Access in Power BI App:
In the app, configure access:
For Report 1, assign the AD groups to "Project Manager" role.
For Reports 2, 3, and 4, assign specific people to "Full Access" role.

 

If my post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 8 of 8
495 Views
7 REPLIES 7
asadmd93
Advocate I
Advocate I

‎07-30-2024 06:03 AM

Try modifying the conditions using the DAX code below:

'RoleName' =

IF(

    USERPRINCIPALNAME() IN {"user1@example.com", "user2@example.com"},

    TRUE(),

    [Column1] = USERPRINCIPALNAME() ||

    [Column2] = USERPRINCIPALNAME() ||

    [Column3] = USERPRINCIPALNAME() ||

    [Column4] = USERPRINCIPALNAME()

)



Full Access for Specific Users: If the user's email is in the list {"user1@example.com", "user2@example.com"}, they get full access to all data (TRUE()).

 

Conditional Access for Others: If the user's email is not in the list, the access is restricted based on whether their email matches any of the values in Column1, Column2, Column3, or Column4.

 

Let me know if that works. 

Message 6 of 8
572 Views
0
Marco233
Frequent Visitor
In response to asadmd93

‎07-30-2024 06:57 AM

In my opinion it won't work because there are some users who have Conditional Access for Report 1 (they are in Column1, Column2, Column3 or Column4) and at the same time they should have Full Access to Report 2, 3 and 4.

 

I mentioned about it here. Sorry if it was unclear.

"In the case of Report 1, everything looks good, but there is a problem in the case of reports 2, 3 and 4, because, as I mentioned above, all users should be able to see the full content of the reports ('Full Access' RLS), but unfortunately some people are assigned to 'Project Manager' RLS because this is what Report 1 requires."

Message 7 of 8
529 Views
0
asadmd93
Advocate I
Advocate I
In response to Marco233

‎07-30-2024 08:39 AM

Then you can follow this approach:

Create Separate RLS Roles:
Project Manager Role: For conditional access.
Full Access Role: For full access.

DAX for Project Manager Role:
[Column1] = USERPRINCIPALNAME() ||

[Column2] = USERPRINCIPALNAME() ||

[Column3] = USERPRINCIPALNAME() ||

[Column4] = USERPRINCIPALNAME()

DAX for Full Access Role:TRUE()

Implementation Steps:

Create Roles in Power BI Desktop:
Go to "Modeling" -> "Manage Roles".
Create "Project Manager" role with the DAX filter for limited access.
Create "Full Access" role with TRUE() DAX filter.
Publish the Dataset: Publish the dataset to the Power BI service.
Assign Users to Roles in Power BI Service: Under "Security" for the dataset, assign users to the appropriate roles.
Configure Report Access in Power BI App:
In the app, configure access:
For Report 1, assign the AD groups to "Project Manager" role.
For Reports 2, 3, and 4, assign specific people to "Full Access" role.

 

If my post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 8 of 8
496 Views
asadmd93
Advocate I
Advocate I

‎07-30-2024 05:15 AM

Need more clarification. 

Column1, Column2, Column3, Column4 have only the the email address of the people? Do you have a designation column other than email address of the people?

Message 4 of 8
589 Views
Marco233
Frequent Visitor
In response to asadmd93

‎07-30-2024 05:35 AM

Yes, all columns only contain email addresses of people and this is the only condition in the 'Project Manager' RLS rule.

Message 5 of 8
582 Views
asadmd93
Advocate I
Advocate I

‎07-30-2024 04:57 AM

Do you have any particular column on the report through which you are implementing the RLS?

Message 2 of 8
598 Views
Marco233
Frequent Visitor
In response to asadmd93

‎07-30-2024 05:05 AM

Yes, RLS is based on a combination of four columns. This is the formula for the 'Project Manager' RLS.

[Column1] = USERPRINCIPALNAME() || [Column2] = USERPRINCIPALNAME() || [Column3] = USERPRINCIPALNAME() || [Column4] = USERPRINCIPALNAME()

Message 3 of 8
597 Views

Helpful resources

Announcements
Power BI DataViz World Championships

Power BI Dataviz World Championships

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now!

December 2025 Power BI Update Carousel

Power BI Monthly Update - December 2025

Check out the December 2025 Power BI Holiday Recap!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All