Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello,
I recenetly implemented the DRLS on one of my reports using our Active Directory. It is a Quality Assurance report, so employees can see their own reports, their managers can see their employess, directors can see everything below and so on and so forth.
You can see below on the left, my DAX in desktop and then I have a microsoft group added in service with a few other users who aren't in the group.
My issue I am having is that I have a user who has responsibiltiy over QA for a team, however - the team does not actually report up through him in the directory, so he can't see anything. He is not in the PC CLAIMS microsoft group. I do have a bucket in service that filters by the team - when I put him in there, he sees everything .. not limited to the role. When I add him to this SECURE group with the other 3 users you see up above, he sees everything .. not limited to the role again.
The reason why this is happening is that his name doesn't occur in the actual data, because he doesn't have any QA's and he's not listed as a manager for anyone. He is listed in my active directory table as an employee.
I'm wondering if anyone knows of a "backdoor" that I can basically say if this users email = "", then it goes around the RLS and gives him access to a certain team = "".
I hope that makes sense. I feel like I've tried it all. I can't change it all for one user, so I'm hoping that I can do something that works for him specifically.
Trevor
Solved! Go to Solution.
So after playing around with it, I created a filter in the team specific role. Simply just added Manager name = "". That is who all the reps and my user report to. Once I added that filter, paired with the team name = "" I went to service added my user to that role and tested it and bam - worked.
It sounds crazy, but that's how I worked around the DRLS. I don't know how to fully explain how this works, but it worked for me.
Trevor
So after playing around with it, I created a filter in the team specific role. Simply just added Manager name = "". That is who all the reps and my user report to. Once I added that filter, paired with the team name = "" I went to service added my user to that role and tested it and bam - worked.
It sounds crazy, but that's how I worked around the DRLS. I don't know how to fully explain how this works, but it worked for me.
Trevor
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
110 | |
95 | |
76 | |
65 | |
51 |
User | Count |
---|---|
146 | |
109 | |
106 | |
88 | |
61 |