Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
RustyO
Frequent Visitor

Row Level Security (RLS) not working. Specific domain / Email addresses?

‎06-12-2022 05:57 PM

Hi All,

 

I have identified anomalies when attempting to apply Row Level Security to specific email addresses only. This is across three domains [ .com | .com.au | .co.uk ]

 

To replicate the scenario I created a simple test / proof of concept. One table. One Security Role. One Measure.

 

The Security Users table is sourced from an Excel workbook. Seven email addresses across the three domains:

 

15545 Microsoft 0010.png

 

I have created a single role called Security. This is applied to the Security Users table as [Principal] = USERPRINCIPALNAME()

 

15545 Microsoft 0020.png

 

I have created a measure to sanity check: mUserPrincipalName = USERPRINCIPALNAME()

 

Desktop Row Level Security logic works as expected. "View As" etc. Publishes to the service fine.

 

All email addresses are valid in the service, have been added to the Security group:

 

15545 Microsoft 0030.png

 

The problem:

 

  • The .com (#4) and .com.au (#1 & #2) addresses work as expected.
  • The .co.uk (#3, #5 & #6) addresses do not work as expected, all data is shown. 

 

Naturally this leads to the idea that it is a domain specific issue, but not sure where to look?

 

Any adivce would be appreciated.

 

Thanks in advance.

 

 

Labels:
Message 1 of 2
418 Views
0
1 REPLY 1
Tutu_in_YYC
Super User
Super User

‎06-13-2022 03:02 PM

The only way RLS is overwritten if the users are members in the workspace and have one of these following roles:
1-admin

2-member

3-contributor


If they are assigned with any of these, RLS will show everything. Can you check if they are members of the workspace? They could also be hidden in a security group.

Message 2 of 2
351 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

View All