Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Try your skills in the Power BI Dataviz World Championship! Round one ends June 26. Join now

Reply
Siboska
Helper II
Helper II

Row-Level-Security for External Azure users

‎07-30-2024 11:31 PM

Hi,

I have a challenge regarding how to set up row-level security for people outside our organization who have been invited as Azure guest users.

My Row Level Security User table in Power BI is in the following format:

NameEmailDepartment
JohnJohn@CustomDomain.comProduction

 

Then I used the standard approach where a role called "department access" has been added:

 

Email = PrincipleName()

 

 

I read Microsoft's documentation, and it seems that the PrincipalName() should be returned in the email format when a user is logging in:
"John@CustomDomain.com"

But, when I test the role in Power BI service the users PrincipleName() is returned in the external organisation format:

John_CustomDomain.com#EXT@OrgDomain.onmicrosoft.com.

 

To my knowledge, this will break the row-level security.

 

I have thought of two solutions:

 

Solution 1: Fix it in my DAX security role logic:

 

[Medarbejder Email] = 
IF(
    CONTAINSSTRING(USERPRINCIPALNAME(), "#EXT#"),
    SUBSTITUTE(LEFT(USERPRINCIPALNAME(), SEARCH("#EXT#", USERPRINCIPALNAME(), 1) - 1), "_", "@"),
    USERPRINCIPALNAME()
)

 

This should ensure that the extracted Principle name can be used to match the Email in my RLS table.

 


Solution 2: Add all the PrincipalNames manually to my User Row Level table in Power BI.

 

 

I am looking for some advice or experiences on this challenge.

 

Labels:
Message 1 of 2
468 Views
0
1 ACCEPTED SOLUTION
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

View solution in original post

Message 2 of 2
447 Views
0
1 REPLY 1
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

Message 2 of 2
448 Views
0

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

May Power BI Update Carousel

Power BI Monthly Update - May 2026

Check out the May 2026 Power BI update to learn about new features.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All