Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and a 50 percent discount on exams.
Get startedEarn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
Good day everyone,
I would like to create a DAX measure under Manage Security Roles with the following logic:
For example, I have a table called "Employee_List":
Employee ID | Employee Name | Team | Department | Country | |
1007 | Alice | Alice@xx.com | aa | A | UK |
1000 | John | John@xx.com | ab | A | France |
1001 | Abby | Abby@xx.com | ac | B | France |
1002 | Ben | Ben@xx.com | ae | C | UK |
1003 | Sarah | Sarah@xx.com | ab | C | UK |
1004 | Jess | Jess@xx.com | ac | D | USA |
1005 | Bill | Bill@xx.com | aa | A | USA |
1001 | Mark | Mark@xx.com | ab | B | France |
1005 | Bob | Bob@xx.com | ac | A | USA |
1006 | James | James@xx.com | ad | A | France |
For example:
Employee ID | Employee Name | Team | Department | Country | |
1007 | Alice | Alice@xx.com | aa | A | UK |
1000 | John | John@xx.com | ab | A | France |
1001 | Abby | Abby@xx.com | ac | B | France |
1002 | Ben | Ben@xx.com | ae | C | UK |
1003 | Sarah | Sarah@xx.com | ab | C | UK |
1004 | Jess | Jess@xx.com | ac | D | USA |
1005 | Bill | Bill@xx.com | aa | A | USA |
1001 | Mark | Mark@xx.com | ab | B | France |
1005 | Bob | Bob@xx.com | ac | A | USA |
1006 | James | James@xx.com | ad | A | France |
Employee ID | Employee Name | Team | Department | Country | |
1001 | Abby | Abby@xx.com | ac | B | France |
1001 | Mark | Mark@xx.com | ab | B | France |
Employee ID | Employee Name | Team | Department | Country | |
1004 | Jess | Jess@xx.com | ac | D | USA |
Your help would be much appreciated.
Many thanks,
IzBell
This is quite complex that is why you do not get an answer quickly here.
Here are the conditions:
The first one is easy but this is not something you can solve with RLS. You need to create a security group in the active directory for these people. Alternatively, add them as contributors to the workspace so RLS does not even apply OR add them manually (i dont recommend this) to the "none" group or create a group in RLS without any filter. RLS is more about restricting data than giving full access.
For your second condition I would also set up two AD groups, one for all other users and one for department A specifically.
Then you set up RLS based on the country and just assign the "other than department A" people to that role.
User | Count |
---|---|
98 | |
87 | |
78 | |
74 | |
70 |
User | Count |
---|---|
113 | |
105 | |
84 | |
65 | |
64 |