Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

The Power BI Data Visualization World Championships is back! Get ahead of the game and start preparing now! Learn more

Reply
ptmuldoon
Resolver I
Resolver I

RLS not working with UPN?

‎12-13-2024 02:08 PM

I struggling to understand why what I think is a basic RLS role is not returning the correct user.

 

I've create a Gen2 Flow that imports a user table that includes their email address.   I've added that table into a model.  And in that model, within the Roles and the Users table, have added

 

[Email] = USERPRINCIPALNAME()

 

And I have assigned that Role to a group that I know my email address is included in.  But after I created a basic report and added a Card with the user email it returns a different email than mine?  

Labels:
Message 1 of 9
1,071 Views
8 REPLIES 8
Poojara_D12
Super User
Super User

‎12-24-2024 09:02 PM

Hi @ptmuldoon 

 

  • Check USERPRINCIPALNAME() : It returns the logged-in user's email/UPN. Ensure it matches your login in Power BI Service.

  • Test in Service: Publish the report and confirm you're logged in with the correct email.

  • Verify Role Assignment: Confirm your email or group is correctly assigned to the role in the dataset’s Security settings.

  • Debug Output: Add a measure to check what USERPRINCIPALNAME() is returning:

 

CurrentUser = USERPRINCIPALNAME()

 

  • Match Email Format: Ensure EMAIL in your Users table matches the format of USERPRINCIPALNAME() (e.g., user@domain.com).

  • Avoid Multiple Accounts: Ensure you're logged in with the intended account; clear browser cookies or use incognito mode if needed.

  • Group Membership: If using a group, verify your email is part of it in Azure AD.

  • Service Caching: Refresh the dataset if changes were recently made.

 

Did I answer your question? Mark my post as a solution, this will help others!

If my response(s) assisted you in any way, don't forget to drop me a "Kudos" 🙂

Kind Regards,
Poojara
Data Analyst | MSBI Developer | Power BI Consultant
Consider Subscribing my YouTube for Beginners/Advance Concepts: https://youtube.com/@biconcepts?si=04iw9SYI2HN80HKS 

 

Did I answer your question? Mark my post as a solution, this will help others!
If my response(s) assisted you in any way, don't forget to drop me a "Kudos"

Kind Regards,
Poojara - Proud to be a Super User
Data Analyst | MSBI Developer | Power BI Consultant
Consider Subscribing my YouTube for Beginners/Advance Concepts: https://youtube.com/@biconcepts?si=04iw9SYI2HN80HKS
Message 9 of 9
804 Views
0
Anonymous
Not applicable

‎12-24-2024 06:09 PM

Hi @ptmuldoon , hello Jai-Rathinavel  and lbendlin , thank you for your prompt reply!

 

Is there any progress on this issue?

 

If you find any answer is helpful to you, please remember to accept it.

 

It will help others who meet the similar question in this forum.

 

Thank you for your understanding.



Message 8 of 9
835 Views
0
ptmuldoon
Resolver I
Resolver I

‎12-16-2024 07:17 AM

Maybe this is where I'm still getting a little confused.

 

I understand I can't test another user's role in the Service.   But based on what I've done, shouldn't the report be showing myself as the logged in user? 

 

Why would the report show a different User, which is the first user listed alphabetically from the Users Table, and not my own username and information?

 

I just had another user try to access the report as well, and they received an error message of:

"you don't have permission to view the content of direct lake table"

 

I also just tried to hardcode the RLS email address like such, and it still does not show me as the logged in user?

[Email] = "myemail@xyz.com"

 

My desktop report and RLS works all as expected.  I'm just trying now to replicate everything in a Lakehouse and Service, but struggling with getting the RLS to work correctly.

 

Message 6 of 9
919 Views
0
Jai-Rathinavel
Super User
Super User
In response to ptmuldoon

‎12-16-2024 08:00 AM

@ptmuldoon As said RLS will not work if you are a workspace member. The filter expression used while defining the role also will not work. So the answer to "how to display my user principal name". Create a measure with below DAX and pull it inside a card visual and check. 

My UPN = USERPRINCIPALNAME()

 

Thanks,

Jai




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 7 of 9
911 Views
0
ptmuldoon
Resolver I
Resolver I

‎12-16-2024 06:00 AM

Apologies for the delayed response (was away all weekend).

 

But I'm doing everything here in the Power BI Service and not in desktop.  To summary what I've done is.

 

1. I've created a test Workspace in the Power BI Service.

2. Created a Gen2 Dataflow that imports 1 excel (Users) table

3. Create a TestModel within my Workspace, and added the Users table to the model.

4. Created basic Power BI Report.

5. Created Role, and assigned the Role to a User Group that I know I am a part of

ptmuldoon_0-1734357044570.png

 

ptmuldoon_7-1734357445577.png

 

 

In the report, I've created 2 cards, 1 showing the UserName, and another showing the Email Address. and 1 other table visual of the data.

 

The report appears to be listing the first (alphabetical) of the username and email, and not the logged in user.   And I have confirmed the UPN I am logged in as is listed in the Users table.   My Email is actually 'User7" in this test setup.

ptmuldoon_5-1734357328221.png

 

 
 

 

 
 

 

Message 4 of 9
942 Views
0
Jai-Rathinavel
Super User
Super User
In response to ptmuldoon

‎12-16-2024 06:27 AM

@ptmuldoon RLS will not apply to the dataset owner or workspace members. You have to check the RLS by testing in the Power BI Desktop like below.

 

JaiRathinavel_0-1734358993488.png

 

For Service, you will have to test it with a user who has only read access to the dataset and viewer access to the workspace. Check the below documentation for more information on RLS

https://learn.microsoft.com/en-us/fabric/security/service-admin-row-level-security

 

Did I answer your question ? Please mark my post as a solution.

 

Thanks,

Jai




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 5 of 9
932 Views
0
Jai-Rathinavel
Super User
Super User

‎12-15-2024 06:38 AM

@ptmuldoon If you are checking the USERPRINCIPALNAME() in Power BI Desktop it might be different. Publish the report and check the card in Power BI service. 

 

Power BI Desktop Value:

 

JaiRathinavel_1-1734273345499.png

 

 

Power BI Service Value:

 

JaiRathinavel_2-1734273411218.png

 

Did I answer your question ? If yes, please mark this post as a solution.

 

Thanks,

Jai

 

 




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 3 of 9
982 Views
lbendlin
Super User
Super User

‎12-13-2024 05:01 PM

Please explain your setup more.  Where's the model?  Fabric Default, Fabric Custom,  or Power BI workspace/legacy?

 

Row-level security (RLS) with Power BI - Microsoft Fabric | Microsoft Learn

Default Power BI semantic models - Microsoft Fabric | Microsoft Learn

Message 2 of 9
1,041 Views
0

Helpful resources

Announcements
November Power BI Update Carousel

Power BI Monthly Update - November 2025

Check out the November 2025 Power BI update to learn about new features.

Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All
Top Solution Authors
View All