cancel
Showing results for 
Search instead for 
Did you mean: 

Dynamic Row Level Security (Dynamic RLS)

Requirement : 

 

We have a table with the User, Customer and Sales value.

 

source.PNGSales table

We need to show the total sales value for each customer. When user login to the report he wanted to see only his customer data.

sales by customer.PNGSales by Customer

 

Solution

 

We need to implement RLS.

Click on Modeling Tab and navigate to Manage Roles icon

 

Modeling Tab.PNGModeling Tab

Then define a role name and right-click on the required table. We are going to use USERPRINCIPALNAME() in the filter condition.

This function returns the name of the user as their email address. 

 

[User] = USERPRINCIPALNAME()

Manage Roles.PNGManage Roles window

Now we have completed the configuration in the desktop tool. We can test the roles in the desktop itself. 

 

Under the Modeling tab, we have an icon called View as Roles. Click on that icon, we will get a new window.

We have to select both Other user and newly created Role. Then enter the email id of one user in the text box near to the Other user text. 

 

View as role.PNGView as roles

Click OK and see the changes immediately.

 

view1.PNGReport viewview2.PNGData view 

Next step is to configure the RLS in app.powerbi.com

 

Go to the dataset tab and follow the below steps.

 

dataset.PNG

 

Click on 3 dots near to the dataset.

 

security.PNG

 

Click on security and you will be navigated to another page. 

 

RLS window.PNG

 

Here you can add all the users to the Member section. You can use either individual email id or group id. 

 

Note: make sure your user does not have edit permission to this report. Otherwise, RLS will not work.

Comments

This is great! Thank you for the information. 

 

I am having a problem and hoping that you can help. I have set up Dynamic RLS and have tested it in Desktop and it works great. I get to Service, add people to the security group and push the report out to the app. I have 4 users, 1 can see the report and just she her data and the other 3 users get an error saying "You do not have permission to the underlying dataset". I tested their email address in desktop and the report populates perfectly, but not in Service. 

 

Thanks

Hi Jiler,

 

Did you add users to the role's member section? We have to add all the users to the user role.

 

Regards,

Nandu Krishna