Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Join the FabCon + SQLCon recap series. Up next: Power BI, Real-Time Intelligence, IQ and AI, and Data Factory take center stage. All sessions are available on-demand after the live show. Register now

Reply
Siboska
Helper II
Helper II

Row-Level-Security for External Azure users

‎07-30-2024 11:31 PM

Hi,

I have a challenge regarding how to set up row-level security for people outside our organization who have been invited as Azure guest users.

My Row Level Security User table in Power BI is in the following format:

NameEmailDepartment
JohnJohn@CustomDomain.comProduction

 

Then I used the standard approach where a role called "department access" has been added:

 

Email = PrincipleName()

 

 

I read Microsoft's documentation, and it seems that the PrincipalName() should be returned in the email format when a user is logging in:
"John@CustomDomain.com"

But, when I test the role in Power BI service the users PrincipleName() is returned in the external organisation format:

John_CustomDomain.com#EXT@OrgDomain.onmicrosoft.com.

 

To my knowledge, this will break the row-level security.

 

I have thought of two solutions:

 

Solution 1: Fix it in my DAX security role logic:

 

[Medarbejder Email] = 
IF(
    CONTAINSSTRING(USERPRINCIPALNAME(), "#EXT#"),
    SUBSTITUTE(LEFT(USERPRINCIPALNAME(), SEARCH("#EXT#", USERPRINCIPALNAME(), 1) - 1), "_", "@"),
    USERPRINCIPALNAME()
)

 

This should ensure that the extracted Principle name can be used to match the Email in my RLS table.

 


Solution 2: Add all the PrincipalNames manually to my User Row Level table in Power BI.

 

 

I am looking for some advice or experiences on this challenge.

 

Labels:
Message 1 of 2
421 Views
0
1 ACCEPTED SOLUTION
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

View solution in original post

Message 2 of 2
400 Views
0
1 REPLY 1
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

Message 2 of 2
401 Views
0

Helpful resources

Announcements
April Power BI Update Carousel

Power BI Monthly Update - April 2026

Check out the April 2026 Power BI update to learn about new features.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

FabCon and SQLCon Highlights Carousel

FabCon &SQLCon Highlights

Experience the highlights from FabCon & SQLCon, available live and on-demand starting April 14th.

View All