cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
megachuckmc721
Frequent Visitor

Help setting up RLS with Salesforce Dataset

Back using Power BI after almost 1 year away and I need help setting up Row Level Security!

 

Our datasets consists of SFDC objects (Opportunities, Tasks, Users) which are refreshed periodically every day and I am wanting to use RLS so that when a user logs in to a given dashboard in Power BI service they will only see their own data.  The basic filtering would look something like this:

 

User can only see records from Tasks and Opportunities in which they are the CreatedBy. 

Example:  User Joe Smith (id 05Q00000aff02xb) logs into Power BI and goes to the Opportunity Dashboard.  He will only see Opportunities where the CreatedById = (05Q00000aff02xb)

 

I've done this before but am having to relearn everything and I'm not sure where to start!

 

Any help is greatly appreciated...

 

Mike

2 ACCEPTED SOLUTIONS
v-shex-msft
Community Support
Community Support

Hi @megachuckmc721,

 

You need to build relationships between these tables and modify the crossfitlerdirection option to both to confirm user table can effect all of them.

Then use user table to create RLS, if you correctly setting these relationships, it will effect on all related tables.

Power BI – Dynamic Row Level Security – Tips to get it working!

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

Hi @megachuckmc721,

 

You can refer to following blog to know more about how to use RLS with USERNAME function.

Power BI Desktop Dynamic security cheat sheet

 

BTW, if you table not contains mapping table(domain/userid to table userid), you need to create one and add to your datasource. Then modify the 'cross filter direction' option to both and turn on the 'Apply security filter in both directions property'

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

5 REPLIES 5
v-shex-msft
Community Support
Community Support

Hi @megachuckmc721,

 

You need to build relationships between these tables and modify the crossfitlerdirection option to both to confirm user table can effect all of them.

Then use user table to create RLS, if you correctly setting these relationships, it will effect on all related tables.

Power BI – Dynamic Row Level Security – Tips to get it working!

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

Thanks for your help on this - I'm good to go now, although I went ahead and set up separate RLS Roles for each individual.  Works fo now but hopefully I can figure out how to use the Username() functionality and cut down on the duplication of roles.

 

Thanks!

Mike

Hi @megachuckmc721,

 

You can refer to following blog to know more about how to use RLS with USERNAME function.

Power BI Desktop Dynamic security cheat sheet

 

BTW, if you table not contains mapping table(domain/userid to table userid), you need to create one and add to your datasource. Then modify the 'cross filter direction' option to both and turn on the 'Apply security filter in both directions property'

 

Regards,

Xiaoxin Sheng

Community Support Team _ Xiaoxin
If this post helps, please consider accept as solution to help other members find it more quickly.

View solution in original post

Thanks! I will take a look at the cheatsheet with regards to using Username() and RLS!

And good reminder on the domain/userid mapping as well!

 

Mike

I'm not sure I fully understand your explanation...

 

I have 3 tables with the following relationships:  One one of the relationships I can set the crossfilter direction as both but get an error on the other(?) -   Also your explanation suggests that for each user I will have to create a Role that filters on the UserID - which means 1 ROle for each user.  I read somewhere about using Username() - Is that correct.

 

Thanks again for any help on this.

Mike

Relationships1.jpg

RealtionshipTable 2.jpg

 

 

RealtionshipTable 3.jpg

Helpful resources

Announcements
PBI User Groups

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group!

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

Get Ready for Power BI Dev Camp

Power BI Dev Camp - June 24th

Mark your calendars and join us for our next Power BI Dev Camp!

Top Solution Authors
Top Kudoed Authors