Hi,
I have a challenge regarding how to set up row-level security for people outside our organization who have been invited as Azure guest users.
My Row Level Security User table in Power BI is in the following format:
| Name | Email | Department |
| John | John@CustomDomain.com | Production |
Then I used the standard approach where a role called "department access" has been added:
Email = PrincipleName()
I read Microsoft's documentation, and it seems that the PrincipalName() should be returned in the email format when a user is logging in:
"John@CustomDomain.com"
But, when I test the role in Power BI service the users PrincipleName() is returned in the external organisation format:
John_CustomDomain.com#EXT@OrgDomain.onmicrosoft.com.
To my knowledge, this will break the row-level security.
I have thought of two solutions:
Solution 1: Fix it in my DAX security role logic:
[Medarbejder Email] =
IF(
CONTAINSSTRING(USERPRINCIPALNAME(), "#EXT#"),
SUBSTITUTE(LEFT(USERPRINCIPALNAME(), SEARCH("#EXT#", USERPRINCIPALNAME(), 1) - 1), "_", "@"),
USERPRINCIPALNAME()
)
This should ensure that the extracted Principle name can be used to match the Email in my RLS table.
Solution 2: Add all the PrincipalNames manually to my User Row Level table in Power BI.
I am looking for some advice or experiences on this challenge.
