Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello,
I was wondering if there is a way I can implement RLS on pages for groups?
Hi @syasmin25 ,
Yes you can use RLS on all the pages of your report in Power BI for a level like Group.
You will need to add a little bit to what groups you are talking about here - AD Groups? As I don't have visibility on what groups you are talking about, Refer following articles:
https://guyinacube.com/2020/02/25/can-you-use-groups-with-power-bi-row-level-security-rls/
https://community.powerbi.com/t5/Service/Row-level-security-using-AD-groups/td-p/300732
Thanks,
Pragati
Thank you for the links. I was looking to use the groups on AD to filter out pages. I do not know if that is a possibility. Is there a way I could do it with just one report?
Hi @syasmin25 ,
Please refer the links I have shared. There are 2 of them setting up RLS using AD groups.
Thanks,
Pragati
Hello,
I apologise for the misunderstanding here. I have already created the groups from AD. I was wondering if it was possible to limit a groups access from a particular page of the report. For example,
I have 3 groups that I would have created in Power BI Desktop.
And I do not want Level 2 to have access to Page 2 of my report, there would be no data, Is there a way I can do that?
I
Hi @syasmin25 ,
To my knowledge I don't think there is a way of achiving this. You may have to create a different version of dashboard with less pages in it.
Because RLS works on the data model level not on report tab-level.
Also, do check the following thread if it helps:
https://community.powerbi.com/t5/Desktop/RLS-with-UserName/td-p/82327
Thanks,
Pragati
okay, is there a way I can restrict a group from a dataset(FIELD/TBL) then? Or, could you please tell me how to set hierarchy from Active Directory? I have gone through a lot of tutorials but I have not been able to come across one for that.
@syasmin25 If I understood your concern right then below is the solution.
Assuming you have a table (Headcount) with the unique emp id along with the email address of every employee and the immediate reporting contact - counselor email address along with the counselor unique emp id. Basically 4 columns - emp id, emp email, counselor id, conselor email (considering you have the team data where the staff, reporting senior, reporting manager, reporting senior manager are present in this table).
You need to create a column heirarchy path using the below DAX :
Heirarchy = path('Headcount'[emp id],'Headcount'[counselor id])
This will generate the complete heirarchy path from the staff to the senior manager for every employee.
Now create additional columns for every level.
Level 1 senior manager, level 2 manager, 3 senior and 4 staff.
level 1 column will have the below DAX to generate the email address of the senior manager, and 2 will have email of the manager and so on.
DAX for level 1 = lookup('Headcount'[emp email],'Headcount'[emp id],PATHITEM('Headcount'[Heirarchy],1,1),'Headcount'[emp email])
Dax for level 2 = lookup('Headcount'[emp email],'Headcount'[emp id],PATHITEM('Headcount'[Heirarchy],2,1),'Headcount'[emp email])
Dax for level 3 = lookup('Headcount'[emp email],'Headcount'[emp id],PATHITEM('Headcount'[Heirarchy],3,1),'Headcount'[emp email])
Dax for level 4 = lookup('Headcount'[emp email],'Headcount'[emp id],PATHITEM('Headcount'[Heirarchy],4,1),'Headcount'[emp email])
Now you need to set up RLS on this table with the user name function.
Go to manage roles. create a role 'Heirarchy' -> Table is 'Headcount'
under the expression set the rule as below.
[emp email] = USERPRINCIPALNAME()
|| [Level 4] = USERPRINCIPALNAME()
|| [Level 3] = USERPRINCIPALNAME()
|| [Level 2] = USERPRINCIPALNAME()
|| [Level 1] = USERPRINCIPALNAME()
The above rule works as below.
If a user present in the headcount at staff level views, he will see only his data in the report.
a senior will see his data as well as the data for all staff reporting to him
a manager sees his data, his reporting seniors and the further drill of the staff members reporting to those seniors,
a senior manager will see all the data
Guess the above technique and explanation helps.
Do upvote and mark as solution if this fixes your corcern.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
49 | |
25 | |
20 | |
15 | |
12 |
User | Count |
---|---|
57 | |
49 | |
44 | |
19 | |
18 |