Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
Peter_23
Helper IV
Helper IV

Dynamic RLS and groups

‎09-13-2024 07:32 AM

Hi there, in this time, I'm working with dynamic RLS so I have a dim_table_security and I'm implemented RLS in 4 diferents roles, admin, country, state, city, with their user principal name, e.g ted@org = US ,  tom@org  =  Kansas ; It's fine. So I'm trsting with roles and username is OK. but in the service It's requiere to apply groups, not user by user. So my question is:  Do it need create one group by role or one group for all roles? 

🤔

thanks

Message 1 of 3
320 Views
0
1 ACCEPTED SOLUTION
v-yohua-msft
Community Support
Community Support

‎09-15-2024 10:49 PM

Hi, @Peter_23 

You can create a new security group in your authentication service, such as Azure Active Directory. Create separate groups for each role (e.g., Admin, Country, State, City). Add the appropriate users to the group of the role they belong to. For example, add admin users to the Administrators group, add country level users to the country group, and so on.

Next, in your data model, configure RLS rules based on the group to which the user belongs. You can use DAX expressions in Power BI to define RLS rules to ensure that only users of a specific group have access to the corresponding data.

Publish the configured data model to the Power BI service. Then test whether different groups of users can only access the data they are authorized to.

vyohuamsft_0-1726465718375.png

vyohuamsft_1-1726465735817.png

 

How to Get Your Question Answered Quickly

Best Regards

Yongkang Hua

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 3 of 3
225 Views
0
2 REPLIES 2
v-yohua-msft
Community Support
Community Support

‎09-15-2024 10:49 PM

Hi, @Peter_23 

You can create a new security group in your authentication service, such as Azure Active Directory. Create separate groups for each role (e.g., Admin, Country, State, City). Add the appropriate users to the group of the role they belong to. For example, add admin users to the Administrators group, add country level users to the country group, and so on.

Next, in your data model, configure RLS rules based on the group to which the user belongs. You can use DAX expressions in Power BI to define RLS rules to ensure that only users of a specific group have access to the corresponding data.

Publish the configured data model to the Power BI service. Then test whether different groups of users can only access the data they are authorized to.

vyohuamsft_0-1726465718375.png

vyohuamsft_1-1726465735817.png

 

How to Get Your Question Answered Quickly

Best Regards

Yongkang Hua

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 3
226 Views
0
Kaviraj11
Super User
Super User

‎09-13-2024 10:07 AM

Hi,

 

Normally, if you have created one RLS roles then one group for all roles is fine but if you have multiple roles created then create specific group by roles.




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!



Message 2 of 3
288 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Jan25PBI_Carousel

Power BI Monthly Update - January 2025

Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.

Jan NL Carousel

Fabric Community Update - January 2025

Find out what's new and trending in the Fabric community.

View All