Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
yoismelp
Frequent Visitor

Power BI Global Role Level Security

‎01-16-2022 07:22 PM

To any one reading this, I was wondering if you have come to a situation where you implement RLS on all of your reports (let say about 30). The RLS is set so that users assigned to site A Active Directory (AD) group can only see data for site A, users assigned to site B (AD) group can only see data for site B, and so on. For example, let say I have a fact table for Sites and I create RLS on this table and my RLS are:


SiteA --> filter created is --> [site] = A

SiteB --> filter created is --> [site] = B

 

The issue now is that when a new sites C, D, and so on are open, then all reports need to be updated to add a new RLS and corresponding assignments need to be done in the portal. For example:

 

SiteC --> filter created is --> [site] = C

SiteD --> filter created is --> [site] = D

 

Is there any good solution for something like this where each report won't need to be updated everytime a new site is added? I am looking for a way to set global RLS for all the reports in my environment or something that could work similar to this. If it exists, I am not aware of it.
Thanks in advanced for your feedback.

Labels:
Message 1 of 3
585 Views
0
1 ACCEPTED SOLUTION
amitchandak
Super User
Super User

‎01-17-2022 12:16 AM

@yoismelp . Have you create a table like

Site - Email and joined it with fact table  (many to many bi-direction is fine too)

 

and then create a role with filter

[Email] = userprincipalname()

 

I think this approach should work

 

Assign this role to a security group

 

 

How to use Row Level Security (RLS): https://youtu.be/NfdIA0uS6Nk



View solution in original post

Message 2 of 3
525 Views
2 REPLIES 2
amitchandak
Super User
Super User

‎01-17-2022 12:16 AM

@yoismelp . Have you create a table like

Site - Email and joined it with fact table  (many to many bi-direction is fine too)

 

and then create a role with filter

[Email] = userprincipalname()

 

I think this approach should work

 

Assign this role to a security group

 

 

How to use Row Level Security (RLS): https://youtu.be/NfdIA0uS6Nk



Message 2 of 3
526 Views
yoismelp
Frequent Visitor
In response to amitchandak

‎01-17-2022 03:27 PM

@amitchandak , this helped. Thank you very much! I am glad I had a Power Automate job pushing the Azure AD data to SQL.
With that, I created a dataflow table (my users-sites table as you suggested) and now I can use that in all of our reports and when an update is needed, now we just need to update the dataflow. However, do you know if there is an easy way to get the AD data into Power BI without copying the data to SQL first so the PBI does not rely on this flow? 

Message 3 of 3
489 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All