Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
Siboska
Helper II
Helper II

Row-Level-Security for External Azure users

‎07-30-2024 11:31 PM

Hi,

I have a challenge regarding how to set up row-level security for people outside our organization who have been invited as Azure guest users.

My Row Level Security User table in Power BI is in the following format:

NameEmailDepartment
JohnJohn@CustomDomain.comProduction

 

Then I used the standard approach where a role called "department access" has been added:

 

Email = PrincipleName()

 

 

I read Microsoft's documentation, and it seems that the PrincipalName() should be returned in the email format when a user is logging in:
"John@CustomDomain.com"

But, when I test the role in Power BI service the users PrincipleName() is returned in the external organisation format:

John_CustomDomain.com#EXT@OrgDomain.onmicrosoft.com.

 

To my knowledge, this will break the row-level security.

 

I have thought of two solutions:

 

Solution 1: Fix it in my DAX security role logic:

 

[Medarbejder Email] = 
IF(
    CONTAINSSTRING(USERPRINCIPALNAME(), "#EXT#"),
    SUBSTITUTE(LEFT(USERPRINCIPALNAME(), SEARCH("#EXT#", USERPRINCIPALNAME(), 1) - 1), "_", "@"),
    USERPRINCIPALNAME()
)

 

This should ensure that the extracted Principle name can be used to match the Email in my RLS table.

 


Solution 2: Add all the PrincipalNames manually to my User Row Level table in Power BI.

 

 

I am looking for some advice or experiences on this challenge.

 

Labels:
Message 1 of 2
408 Views
0
1 ACCEPTED SOLUTION
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

View solution in original post

Message 2 of 2
387 Views
0
1 REPLY 1
Siboska
Helper II
Helper II

‎07-30-2024 11:59 PM

Update:

When one of the users tested the report, it returned his actual email.
I guess the answer is that it isn’t possible to test an external user's PrincipalName.

I will close the ticket.

Message 2 of 2
388 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All