Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
AppleMan
Helper II
Helper II

Security Role Help

Hi I have a situation with security roles that I am not sure how to manage.

 

I have a table that has all employees names as well as their supervisor. Example below:

EmployeeEmployee EmailSupervisorSupervisor Email
Employee Aa@employee.com--
Employee Bb@employee.comEmployee Aa@employee.com
Employee Cc@employee.comEmployee Bb@employee.com
Employee Dd@employee.comEmployee Bb@employee.com
Employee Ee@employee.comEmployee Bb@employee.com
Employee Ff@employee.comEmployee Zz@employee.com

 

This table is used by joining to a table of employee hours by employee ID (Not in the example table above). 

What I want is when employee A views the report from PowerBI service they see only the employees they are supervisor of. The way I coded this right now in the security roles I have "Supervisor Email = userprinciplename()"

 

In the example above this would allow the Employee A to see the hours of Employee B in the report, but not the hours of employee C, D, and E, even though employee A is technically the parent supervisor of all of them. This is fine and works ok, since when employee A is chosen as the supervisor in the slicer I do want it to show just the hours for employee B. It will only show the hours for employees C, D, and E when employee B is selected. In this example the role security issue I run into is with a supervisor filter that I have at the top of the page. 

 

I need to write the security roles in a way that when employee A logs in to view the report the security roles see that a@employee.com is logged in so they can view the data for b@employee.com, so when they go to the supervisor filter at the top they have the option to pick b@employee.com as the filter choice and see their employees hours, right now the only option they will get is themselves in this filter because of the way I wrote the role security.

 

When employee A logs in they only have themselves as a supervisor option, but they should also be able to filter the report to Employee B as supervisor too and see the employees under that child supervisor. In the real world supervisor A would be supervisor to multiple different child supervisors and need to be able to choose which set of employees they are looking at. 

 

How would I write the security roles to be able to traverse down the chain of command and show all supervisors/employees under them in my slicer option?

 

Thanks for your help, let me know if I need to explain anything further. 

1 ACCEPTED SOLUTION
GilbertQ
Super User
Super User

Hi @AppleMan 

 

Please look at the link with the example below from measure, who explains how to achieve this row level security pattern Dynamic Row Level Security with Organizational Hierarchy Power BI - RADACAD





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

View solution in original post

1 REPLY 1
GilbertQ
Super User
Super User

Hi @AppleMan 

 

Please look at the link with the example below from measure, who explains how to achieve this row level security pattern Dynamic Row Level Security with Organizational Hierarchy Power BI - RADACAD





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Helpful resources

Announcements
Sept PBI Carousel

Power BI Monthly Update - September 2024

Check out the September 2024 Power BI update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

Sept NL Carousel

Fabric Community Update - September 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors