Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
Anonymous
Not applicable

2 Layers Row Level Security

‎11-27-2019 01:00 AM

Hi all,

 

Unfortunately, I got a very ununsal requirement for Access Control

 

I have upload the demo power bi file for better explanation.

 

We get Sales table, region/ country mapping table and user access control table.

 

The key pain point: User access control by Region first, then by Country.

 

We cannot hard code the country for each user as many countries in each region and country code can change over the time (I only include a few in demo).

 

“All” mean user can view all country data for that region.

 

ie: Eric can view all DACH, NL data, but Sam can only view FRANCE in FRANCE/ BELGIUM.


NameEmailRegionCountry
EricEric@abc.comDACH, NLAll
PeterPeter@abc.comDACH, NLAUSTRIA
BorisBoris@abc.comDACH, NLGERMANY
PeterPeter@abc.comFRANCE/BELGIUMAll
SamSam@abc.comFRANCE/BELGIUMFRANCE
HenryHenry@abc.comUKAll
PeterPeter@abc.comUKAll

How can I achieve 2 layers RLS with user email? I try to use the Organizational Hierarchy concept, but fail.

 

https://www.dropbox.com/s/7wopvrhs7jgti6g/Hierarchy%20RLS-demo.pbix?dl=0 

Thanks.

 

 

Labels:
Message 1 of 3
359 Views
0
2 REPLIES 2
v-frfei-msft
Community Support
Community Support

‎11-28-2019 06:06 PM

Hi @Anonymous ,

 

I have created the role in your sample by the formula.

VAR Email = "Eric@abc.com"
VAR Region =
    CALCULATETABLE (
        VALUES ( 'User Right'[Region] ),
        FILTER ( 'User Right', 'User Right'[Email] = Email )
    )
VAR Country =
    CALCULATETABLE (
        VALUES ( 'User Right'[Country] ),
        FILTER ( 'User Right', 'User Right'[Region] IN Region )
    )
VAR k =
    FILTER ( 'Region/County', 'Region/County'[Region] IN Region )
VAR n =
    CALCULATETABLE (
        VALUES ( 'Region/County'[Country] ),
        FILTER ( 'Region/County', 'Region/County'[Country] IN Country ),
        KEEPFILTERS ( k )
    )
RETURN
    [Country] IN n

Capture.PNG

You can change the email address to USERNAME function in your side.

BYW, pbix as attached.

 

Community Support Team _ Frank
If this post helps, then please consider Accept it as the solution to help the others find it more quickly.
Hierarchy RLS-demo (1).pbix
Message 2 of 3
350 Views
0
Anonymous
Not applicable
In response to v-frfei-msft

‎11-28-2019 10:54 PM

Thanks for your reply.

 

Unfortunately, the problem is more complicated as my team would like to simplify the user control table and also apply All in Region.

 

Below is my new user control table (All in both Region & Country) and a new table to store all Regions values.

New User.PNGRegion.PNG

 

To make it easy, I create a extra step to match for mapping regions first, but I cannot modify the M code successfully (i cannot let All to expand all Regions in my Region table)

Step1.PNGIncorrect Map.PNG

 
If I can expand the Regions and I will use this intermediate table for mapping country.
 
Do you have any idea how to handle it? Thanks.
 
https://www.dropbox.com/s/n8oj15b7etvc2sa/Hierarchy%20RLS-demo%20v2.pbix?dl=0 
https://www.dropbox.com/s/8dl3mvkfyiv43qe/ML%20RLS%20data%20v2.xlsx?dl=0 
 
Many Thanks.
Message 3 of 3
339 Views
0

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel1

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.

View All