Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
Rajnish366
Frequent Visitor

What if a user is common in dynamic RLS report across two roles

‎01-16-2025 10:20 AM

Q 1. In my Dynamic RLS PBI report few users are common across two roles (being part of two different group added in Role 1 and Role 2 as super user) what will happen in this case. which role will be effective? 

Q 2. Pls suggest the impact of Bi-directional (security applied at both side) many to one relation in a Dynamic RLS reoprt.

Labels:
Message 1 of 6
1,336 Views
0
1 ACCEPTED SOLUTION
v-aatheeque
Community Support
Community Support
In response to Rajnish366

‎01-21-2025 01:52 AM

Hi @Rajnish366 
Thanks for reaching out to Microsoft Fabric Community Forum.

1.This is likely a role based on the UserPrincipalName() DAX function, which is commonly used to assign permissions to users based on their email addresses or usernames.
2.This role is based on a condition where a DAX expression evaluates to True() for users who meet a specific condition (in this case, users who belong to certain Active Directory groups).

 

3.when multiple roles are assigned to a user, the most restrictive role generally takes precedence.

 

  • If both roles apply to a user, the system will apply both sets of filters together unless there's an explicit conflict (such as one role restricting a value while another allows it).
  • If the "Super Users" role is set up with broader access (e.g., True() condition for certain users), it may override or provide broader access than the "Email" role, depending on the conditions of the "Email" role.

Addtionally For  the UserprincipalName() function, you can refer to :
DAX USERPRINCIPALNAME - Use in RLS - Power BI Docs

And for how dynamic rls sample model , you can refer to :
Dynamic Row Level Security with Power BI Made Simple - RADACAD

If this post was helpful, please consider marking Accept as solution to assist other members in finding it more easily.

If you continue to face issues, feel free to reach out to us for further assistance!



View solution in original post

Message 5 of 6
1,229 Views
5 REPLIES 5
Alatha
Frequent Visitor

‎02-07-2026 04:42 AM

Hi, I don't see any solution here. Please assist me on same scenario.
I also have same scenario where user is part of two roles .

I have one report and it has two personas site owners ans service owners.
And created 2 roless
site owners - rls applied
Service owners - no filters
as I have single report and it has home page with 2 buttons visit site owner view & visit service owners view and based on the  page navigations
now scenario 1. - when site owners access the report should see site owners button and should able to see the sites they own.
scenario -2 - when service owner access the report should see both buttons and when clicks on service owners should see all sites and clicks on site owners should see only owned sites.
working as expected -Site owners access able to see only single button and also see the sites they own
problem - when service owner access the report and able to see both buttons and clicks on service owners button able to see all sites BUT when clicks on site owners button also seeing all sites instead of sites they own.
please assist me to achieve this as expected

Message 6 of 6
349 Views
0
GilbertQ
Super User
Super User

‎01-16-2025 03:12 PM

Hi @Rajnish366 

 

Power BI uses the niece restrictive security model. So what that means is if a user belongs to two roles, but we'll get a combination of access to both of those RLS Roles which could lead to the user seeing more data than what they should see. With regards to question two using the bidirectional work as expected only when using row level security.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 6
1,303 Views
0
v-aatheeque
Community Support
Community Support
In response to GilbertQ

‎01-19-2025 10:19 PM

Hi @Rajnish366 

 We haven’t heard from you on the last response and was just checking If the answer posted  by @GilbertQ  was helpful, please consider marking Accept as solution to assist other members in finding it more easily.

If you continue to face issues, feel free to reach out to us for further assistance!

Message 3 of 6
1,266 Views
0
Rajnish366
Frequent Visitor
In response to v-aatheeque

‎01-20-2025 11:15 PM

Hi @GilbertQ,

In my model i have created two role 1. Email = Userprinciplename ()  2. Super users where dax is only True ().
Few users are part common member of AD groups which i added in both  roles. 
My question is which role will dominate here in this case. 
Thanks for your time.

Message 4 of 6
1,242 Views
0
v-aatheeque
Community Support
Community Support
In response to Rajnish366

‎01-21-2025 01:52 AM

Hi @Rajnish366 
Thanks for reaching out to Microsoft Fabric Community Forum.

1.This is likely a role based on the UserPrincipalName() DAX function, which is commonly used to assign permissions to users based on their email addresses or usernames.
2.This role is based on a condition where a DAX expression evaluates to True() for users who meet a specific condition (in this case, users who belong to certain Active Directory groups).

 

3.when multiple roles are assigned to a user, the most restrictive role generally takes precedence.

 

  • If both roles apply to a user, the system will apply both sets of filters together unless there's an explicit conflict (such as one role restricting a value while another allows it).
  • If the "Super Users" role is set up with broader access (e.g., True() condition for certain users), it may override or provide broader access than the "Email" role, depending on the conditions of the "Email" role.

Addtionally For  the UserprincipalName() function, you can refer to :
DAX USERPRINCIPALNAME - Use in RLS - Power BI Docs

And for how dynamic rls sample model , you can refer to :
Dynamic Row Level Security with Power BI Made Simple - RADACAD

If this post was helpful, please consider marking Accept as solution to assist other members in finding it more easily.

If you continue to face issues, feel free to reach out to us for further assistance!



Message 5 of 6
1,230 Views

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

March Power BI Update Carousel

Power BI Community Update - March 2026

Check out the March 2026 Power BI update to learn about new features.

View All
Top Solution Authors
View All