Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Krish89
Helper II
Helper II

Dynamic Row level security

‎08-05-2020 11:58 PM

Hi,

 

I have a requirement like below:

I have two tables "SalesRep" and "Sales" as below.

I need to implement RLS on these tables. If SalesRep "Daniel" logs in to Power BI service, he should see his sales data i.e., row 1&6 in the Sales table.

If SalesRep "Leo" logs in to Power BI service, he should see his sales data i.e., row 5&7 in the Sales table.

But if manger logs in, he should see all the sales reps data under him.

For Eg: Anderson should see the data of Daniel, Philip and Sonia and Jakub should see Sonia and Leo's data.

 

table.PNG           table1.PNG

 

Let me know if you have any thoughts.

 

Thank you,

Krishna.

Labels:
Message 1 of 8
3,110 Views
0
1 ACCEPTED SOLUTION
Icey
Community Support
Community Support
In response to Krish89

‎08-11-2020 01:11 AM

Hi @Krish89 ,

 

About the Manager role, it first filters out the e-mails of the managers in the ‘Sales Rep’ [Manager Email] and uses the username() function to determine if the current user is inside. If he is, he will see the information that belongs to him.

 

For example, Anderson is the current user, and his e-mail is in the [Manager Email] column, then he’ll see the information circled by the red box and other table information associated with this table after filtering.

salesrep.png

 

About the Sale Rep role, it first filters out the e-mails of the Sales Rep in the Sales Rep[SalesRep Email] and uses the username() to determine if the current user is inside. If he is, he will see the information that belongs to him.

 

For example, Daniel is the current user, and his is in the Sale Rep role, then hell see the information circled by the red box and other table information associated with this table after filtering.

salesrep2.png

 

Reference:

Dynamic Row Level Security with Manager Level Access in Power BI

Dynamic Row Level Security with Power BI Made Simple

 

 

Best Regards,

Icey

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Message 5 of 8
3,000 Views
7 REPLIES 7
Icey
Community Support
Community Support

‎08-06-2020 06:48 PM

Hi @Krish89 ,

 

You can create two roles by clicking the Manage Roles under Modeling: the Manager role and the Sales Rep role. And you need to make sure the relationship between your two tables is correct.

IF(MAXX(FILTER('SalesRep','SalesRep'[Manager Email]=username()),'SalesRep'[Manager Email])=username(),'SalesRep'[Manager Email]=username())

IF(MAXX(FILTER('SalesRep','SalesRep'[SalesRep Email]=username()),'SalesRep'[SalesRep Email])=username(),'SalesRep'[SalesRep Email]=username())

RELATIONSHIP.png

MANAGER.pngsales rep.png

 

After the roles are created, you can enter the email to test as below:

TEST.png

TEST2.png

 

You can check more details from here.

 

 

Best Regards,

Icey

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 8
3,042 Views
0
Krish89
Helper II
Helper II
In response to Icey

‎08-10-2020 12:03 AM

Hi @Icey ,

 

Thank you very much for your help and the solution is perfectly working🙂

I would like to understand that the roles(salesrep and manager) are applied on the table(SalesRep) or on the columns inside the SalesRep table.

Also Could you please brief me on the DAX logic you have written?

 

Thank you!!

Regards,

Krishna.

Message 4 of 8
3,024 Views
0
Icey
Community Support
Community Support
In response to Krish89

‎08-11-2020 01:11 AM

Hi @Krish89 ,

 

About the Manager role, it first filters out the e-mails of the managers in the ‘Sales Rep’ [Manager Email] and uses the username() function to determine if the current user is inside. If he is, he will see the information that belongs to him.

 

For example, Anderson is the current user, and his e-mail is in the [Manager Email] column, then he’ll see the information circled by the red box and other table information associated with this table after filtering.

salesrep.png

 

About the Sale Rep role, it first filters out the e-mails of the Sales Rep in the Sales Rep[SalesRep Email] and uses the username() to determine if the current user is inside. If he is, he will see the information that belongs to him.

 

For example, Daniel is the current user, and his is in the Sale Rep role, then hell see the information circled by the red box and other table information associated with this table after filtering.

salesrep2.png

 

Reference:

Dynamic Row Level Security with Manager Level Access in Power BI

Dynamic Row Level Security with Power BI Made Simple

 

 

Best Regards,

Icey

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 5 of 8
3,001 Views
Krish89
Helper II
Helper II
In response to Icey

‎08-17-2020 06:19 AM

Hi @Icey,

The below solution works well in Power BI desktop but when I publish it to the service, the roles are not working.

When i test the roles, the data is not filtering and ended up with error. Is it working for you in the Power BI service?

Krish89_0-1597670266255.png

 

Thank you!!

Regards,

Krishna.

 

Message 7 of 8
2,977 Views
0
Icey
Community Support
Community Support
In response to Krish89

‎08-18-2020 12:46 AM

Hi @Krish89 ,

 

I reproduce your issue when I didn't add the users to the corresponding roles.

test1.png

 

Only members that are added to the role can see the specified information. RLS is valid if the member is added to the role and does not have editing rights. Please refer to this official document to add users to corresponding roles.

 

I replace anderson@xyz.com and daniel@xyz.com with my test emails and add the test emails into Manager role and Sale Rep role.

test2.png

test3.png

test4.png

 

The user(Anderson) in Manager role opens the pbix file as shown below.

test5.png

The user(Daniel) in Sales Rep role opens the pbix file as shown below.

test6.png

 

Best regards

Icey

 

If this post helps,then consider Accepting it as the solution to help other members find it more quickly.

Message 8 of 8
2,957 Views
0
Krish89
Helper II
Helper II
In response to Icey

‎08-11-2020 02:20 AM

Hi @Icey,

 

Thank you very much for the explanation and it makes me clear and understandable.

 

Regards,

Krishna.

Message 6 of 8
2,993 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All