Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Randalnik
Frequent Visitor

Manage Roles - set row security level help

‎03-31-2018 03:02 PM

Hello everyone,

 

I`m looking for an advice about security in Power BI. I have read a lot about the DAX and Manage Roles but I`m still not able to set it corectly.

 

I would like to ask, where I`m supposed to set the setting - in Power BI Desktop or in online Analysis. The story below:

 

The main table consicts of branches, an amount of orders and sum of sales. Each branch has 1 manager, for example:
Branch_Nbr: 12
Manager: Tom
Order: 25
Sales: 1500$

 

I would like to allow Tom to see just his branch number 12 and its numbers.

Theres about 50 branches. Do i have to set for each one the setting?

 

Thanks, regards

 

Jacob

Labels:
Message 1 of 5
1,567 Views
0
1 ACCEPTED SOLUTION
Drors
Resolver III
Resolver III

‎03-31-2018 11:48 PM

You can create a dynamic RLS with the function USERNAME() or USERPRINCIPALNAME(), that function will return the power bi user email, so you will have to create a table with all users email like TOM@EMAIL.com        Tom and to make a relationship between that table to your Manager dimension. thats way you will have to make only 1 RLS rule. you can read more about it here: 

http://radacad.com/dynamic-row-level-security-with-profiles-and-users-in-power-bi

View solution in original post

Message 3 of 5
1,762 Views
4 REPLIES 4
Drors
Resolver III
Resolver III

‎03-31-2018 11:48 PM

You can create a dynamic RLS with the function USERNAME() or USERPRINCIPALNAME(), that function will return the power bi user email, so you will have to create a table with all users email like TOM@EMAIL.com        Tom and to make a relationship between that table to your Manager dimension. thats way you will have to make only 1 RLS rule. you can read more about it here: 

http://radacad.com/dynamic-row-level-security-with-profiles-and-users-in-power-bi

Message 3 of 5
1,763 Views
Randalnik
Frequent Visitor
In response to Drors

‎04-01-2018 06:26 AM

Hello Drors,

 

thanks so much for your help. I was looking for something like this article.

I have tried the 1. solution and nothing happened.

I have tried the 2. solution. I Prepared the model, data, formulated DAX  just like in an article but im not able to see anything.

I'm logged in in my acc in Power BI Desktop and this email is contained in the table of users.

Right below is the model (Sorry, I dont have any time to translate it to english (its in czech)).

Výstřižek.JPG

Zam_Detail = User

Zam_Pob_Security = User_Profile

Vydejni_Misto = Profile

 

Theres DAX saved in Vydejni_Misto in Manage Roles:

[Pobocka_Id] IN SELECTCOLUMNS (
FILTER (
'Zam_Pob_Security',
RELATED(Zam_Detail[Email])
=USERPRINCIPALNAME()),
"Vydejni_Misto",[Pobocka_Id])

 

I really know its hard to understand without seeing all the details or daa, but do you have some idea, how to fix it?

Thanks, R.

Message 4 of 5
1,515 Views
0
Drors
Resolver III
Resolver III
In response to Randalnik

‎04-01-2018 07:04 AM

Hi,

 

Hi, It little bit hard to me to know excatly where is the problem but I can suggest some things,

in the first way: try to login to power bi cloud with diffrent user and check if its work (after publishing the new model and add the second user to the security in the cloud).

 

for the second way : try to write the DAX RLS in a measure, then put it in a card visual and check what is the output. if you dont get the desired output try change it a little bit untill it will be ok.

 

for both ways : you should check is that you dont have duplicates in your emails in the User table, press on the remove duplicates and then add an Index as a ID, make a relationship with the ID between the User and the User profile tables.

 

I used that article several times and its work fine to me.. so Im sure you will handle it also. 

 

Regards,

Dror

 

 

Message 5 of 5
1,510 Views
0
Greg_Deckler
Super User
Super User

‎03-31-2018 06:48 PM

So, RLS is set in both the Desktop and the Service. For each set of branches, you will need to first create a role, so 50 roles. So, your RLS rule will look like something along the lines of:

 

Table[Branch] = 12

 

This would be the rule for Branch12 for example.

 

Then you publish your file to the Service. In the Service you can then add members to each of the roles. So, you would add Tom to the Branch12 role, for example.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 2 of 5
1,550 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All