Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and a 50 percent discount on exams.
Get startedEarn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
Hi there,
I have a challenge with a single user in the Power BI Service.
The user has been added to a AD group called "all regions". This group is specified in a RLS table and when published the group is also added to RLS on the Power BI service.
This works for all the users I've added in the past. However, since the end of last week one of the users is not seeing any data in the visuals, almost as if he whould have no regions assigned to in the Desktop RLS table.
All the other users are setup as Viewer in the workspace access group. However, with this specific user it only works if I make the user a contributor.
I have even tried adding this user "manually" by adding every region and email of the user iow, so it would work if the user is not in the group. This also doesnt seem to solve the problem. It is odd, I have x checked with other users.
Also made contact with our infrastructure team to see if it could have anything to do with licencense etc.
Any one out there with similar experience?
Kind Regards,
Niel
Solved! Go to Solution.
USERPRINCIPALNAME() will always return the email of the person signed in, not the security group. I'd try setting up the RLS table using their email instead of the security groups ( but you can still assign the RLS role in the power bi service using security group)
My guess is for the other users where RLS works, they have other RLS role that superceed the security group based rls role. Without seeing more of the data it is hard to validate the issue.
But if you are 100% sure you have set it up correctly, then it could maybe be a bug and you can submit a support ticket to microsoft in the power platform admin page.
@Tutu_in_YYC
Thanks for your assistance.
RLS Dax: [UserPrincipalName] = UserPrincipalName()
Where [UserPrincipalName] is the users email address
Relationship between RLS table and the dimTable as follows:
Example of what the relationship data looks like is somethinge like "CAPE" on the RLS side and "CAPE" on the dimBranchHierarchy side.
Let me know if you require any additional information.
Thanks again!
For the All Region Group, are you using the email of the security group?I If yes, that may not work, as USERPRINCIPALNAME() will return the user's email instead of the security group email. Is that the case?
Hi,
This is how my security group is setup.
Its a group created in the AD. It works for all the other users except this specific user. That is the mystery, why is it working for all other user except for this user? Does it make sense to you?
USERPRINCIPALNAME() will always return the email of the person signed in, not the security group. I'd try setting up the RLS table using their email instead of the security groups ( but you can still assign the RLS role in the power bi service using security group)
My guess is for the other users where RLS works, they have other RLS role that superceed the security group based rls role. Without seeing more of the data it is hard to validate the issue.
But if you are 100% sure you have set it up correctly, then it could maybe be a bug and you can submit a support ticket to microsoft in the power platform admin page.
@Tutu Many thanks for you time and advice. I followed advice, removed the security group now only using my RLS table using emails. Its a manual process but will persue my investigation as soons as I have spare capacity.
Hi Niel,
If your user see this error:
Then RLS is preventing him from viewing the report.
If he doesnt see that, it means that RLS is allowing him to access the data. If he sees no data in the visuals, I'd check if there is a relationship issue in the data model, i.e white space exist in his name or the keys or the columns in the table that are being used for the relationship
Thanks, correct, RLS is allowing the user to access the data and there is no data in die visuals. I've check all relationships, white spaces as mentioned but the user is setup exactly as the below:
Thus for user D and user F they are able to see the data, however, with user G (the problem user), this user G is not seeing the data in the visuals. I have verified licenses, to see if there are any funnies in the AD. However user G with nothing different that user D and user F.
Hope the above is a bit more explantory than my initial post.
Kind regards
Can you also provide the RLS DAX syntax for the roles that you have set up? I will try to replicate this.
My guess you have something like this:
'RLS'[UserPrinciple] = USERPRINCIPALNAME()