Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Level up your Power BI skills this month - build one visual each week and tell better stories with data! Get started

Reply
Siboska
Helper II
Helper II

Row-Level-Security for External Azure users

‎07-30-2024 11:31 PM

Hi,

I have a challenge regarding how to set up row-level security for people outside our organization who have been invited as Azure guest users.

My Row Level Security User table in Power BI is in the following format:

NameEmailDepartment
JohnJohn@CustomDomain.comProduction

 

Then I used the standard approach where a role called "department access" has been added:

 

Email = PrincipleName()

 

 

I read Microsoft's documentation, and it seems that the PrincipalName() should be returned in the email format when a user is logging in:
"John@CustomDomain.com"

But, when I test the role in Power BI service the users PrincipleName() is returned in the external organisation format:

John_CustomDomain.com#EXT@OrgDomain.onmicrosoft.com.

 

To my knowledge, this will break the row-level security.

 

I have thought of two solutions:

 

Solution 1: Fix it in my DAX security role logic:

 

[Medarbejder Email] = 
IF(
    CONTAINSSTRING(USERPRINCIPALNAME(), "#EXT#"),
    SUBSTITUTE(LEFT(USERPRINCIPALNAME(), SEARCH("#EXT#", USERPRINCIPALNAME(), 1) - 1), "_", "@"),
    USERPRINCIPALNAME()
)

 

This should ensure that the extracted Principle name can be used to match the Email in my RLS table.

 


Solution 2: Add all the PrincipalNames manually to my User Row Level table in Power BI.

 

 

I am looking for some advice or experiences on this challenge.

 

Labels:
Message 1 of 2
440 Views
0
1 ACCEPTED SOLUTION
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

View solution in original post

Message 2 of 2
419 Views
0
1 REPLY 1
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

Message 2 of 2
420 Views
0

Helpful resources

Announcements
April Power BI Update Carousel

Power BI Monthly Update - April 2026

Check out the April 2026 Power BI update to learn about new features.

Fabric SQL PBI Data Days

Data Days 2026 coming soon!

Sign up to receive a private message when registration opens and key events begin.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All