Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
amarquiss
Frequent Visitor

Role Level Security Dax Measure - looking at different fields to determine access

‎03-15-2022 02:34 PM

I have a security table that indicates what level a person can access data.  I am trying to build the Dax filter in the Roles to make it apply secuirty at differnt levels. Below I got it working to look at department or specialty but I am stuck how to write this for RPT_GRP_2 and NPI levels. Total newbie to Power bi and Dax so if their is better way to write this metric I am open to suggestions 

 

 

VAR Specialty =
CALCULATETABLE (
VALUES (SecurityAccess[SPECIALTY]),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
VAR DEPT_ID =
CALCULATETABLE (
VALUES ( SecurityAccess[DEPT_ID] ),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
RETURN
AND (
OR (
"ALL" IN DEPT_ID,
DimDeptClarity[Department Id] IN DEPT_ID
),
OR (
"ALL" IN Specialty,
DimDeptClarity[Specialty] IN Specialty
)
)

 

Example of Security Table

USER EMAILUSERAREALEVELDEPT_IDSPECIALTYRPT_GRP_TWONPI_ID
executive@childrensomaha.org ExecutiveEXECAllALLALLALL 
Division Chief@childrensomaha.org Division ChiefCPSpecialtyALLPrimary CareALL 
Director@childrensomaha.org DirectorCPMulitiple SpecialtiesALLALLAmbulatory 
Manager@childrensomaha.org ManagerCPClinic1005019ALLALL 
Provider@childrensomaha.orgProviderCPProviderALLALLALL12345678
Message 1 of 5
389 Views
0
4 REPLIES 4
amarquiss
Frequent Visitor

‎03-21-2022 05:00 PM

That did not work either for our table structure. I got it working with the nested and ...I need to work on adding in NPI still. 

VAR RPT_GRP_TWO =
CALCULATETABLE (
VALUES (SecurityAccess[RPT_GRP_TWO]),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)

VAR Specialty =
CALCULATETABLE (
VALUES (SecurityAccess[SPECIALTY]),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
VAR DEPT_ID =
CALCULATETABLE (
VALUES ( SecurityAccess[DEPT_ID] ),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
RETURN
AND (
OR (
"ALL" IN RPT_GRP_TWO,
DimDeptClarity[Area] IN RPT_GRP_TWO
),

(AND (
OR (
"ALL" IN DEPT_ID,
DimDeptClarity[Department Id] IN DEPT_ID
),
OR (
"ALL" IN Specialty,
DimDeptClarity[Specialty] IN Specialty
)
))
)

Message 5 of 5
249 Views
0
amarquiss
Frequent Visitor

‎03-15-2022 05:50 PM

Unfourtnaly we have 4 levels not 1. Provider can only see their own data (NPI), clinic manager can only see dept assigned, director need to see multiple specialties (rolls up 10+ dept into 1 speciality) and RPT_GRP_2  it a level above the specialties that groups specialties for higher up levels. That is why I am trying to find a way to evaluate more then 2 things in my logic. That code I have works amazing for department and speciality I just dont know how to exand to look a more than 2 things. 

Message 3 of 5
324 Views
0
v-rzhou-msft
Community Support
Community Support
In response to amarquiss

‎03-17-2022 11:41 PM

Hi @amarquiss ,

 

If there are same logic in level RPT_GRP_TWO and NPI_ID, you can try the code as below.

VAR Specialty =
CALCULATETABLE (
VALUES (SecurityAccess[SPECIALTY]),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
VAR DEPT_ID =
CALCULATETABLE (
VALUES ( SecurityAccess[DEPT_ID] ),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
VAR RPT_GRP_TWO = 
CALCULATETABLE (
VALUES ( SecurityAccess[RPT_GRP_TWO] ),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
VAR NPI_ID = 
CALCULATETABLE (
VALUES ( SecurityAccess[NPI_ID] ),
SecurityAccess[USER EMAIL] = USERPRINCIPALNAME()
)
RETURN
OR (
"ALL" IN DEPT_ID,
DimDeptClarity[Department Id] IN DEPT_ID
)
&&
OR (
"ALL" IN Specialty,
DimDeptClarity[Specialty] IN Specialty
)
&&
OR (
"ALL" IN RPT_GRP_TWO,
DimDeptClarity[RPT_GRP_TWO] IN RPT_GRP_TWO
)
&&
OR (
"ALL" IN NPI_ID,
DimDeptClarity[NPI_ID] IN NPI_ID
)

It seems that you want to build dynamic RLS with hierarchy level. You may refer to this blog to learn more details.

For reference: Dynamic Row Level Security with Organizational Hierarchy Power BI

 

Best Regards,
Rico Zhou

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

Message 4 of 5
286 Views
0
Whitewater100
Solution Sage
Solution Sage

‎03-15-2022 04:40 PM

Hi:

I beleive your security table would have multiple rows for eah person who will view more than one level or Department ID. If you are filtering by Dept ID, the person who see ALL would have her/his name repeated once/ Dept ID.

I will note an example for data I'm more familiar with where the Sales Territory key is driving who see's what. In this scenario

The Filter statement on DeskTop for creating this (Create Roles) is named Employees by Sales Territory :

[SalesTerritoryKey] =
LOOKUPVALUE(
'Security'[Sales Territory ID],
'Security'[Login ID_AD], USERNAME(),
'Security'[Sales Territory ID],
'Sales Territory'[SalesTerritoryKey])

 

I hope this is helpful.

Message 2 of 5
343 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All