I am looking for a solution for security settings.
The situation:
We have a hierarchy of
- national manager level
- sales manager level
- regional manager level
- account manager level
Using RLS we restrict the users to see everything of their own data and below. An account manager sees his area and nothing more. A sales manager sees his sales manager area including all regional managers and account managers below him.
There is now a new requirement:
- an account manager should be able to see his area (as it is already), but also the national manager level numbers, without any possibility to see other sales/regional/account managers below.
It means for example, that he sees the sales amount of Germany and his area in Berlin, but nothing more.
- sales manager should be able to see their own sales manager area and below hierarchy levels (as it is already), but also the numbers of other sales managers, without being able to drill down to their regional/account managers.
For example they see sales manager area "region north" and can drill down to "north east" and "north west" (regions) and also deeper account manager level for e.g. City of Hamburg. Additionally (and that is the point here), he sees the numbers of "region west", "regions south" and "region east" (other sales managers) without being able to drill down to the regions/area below.
Is it possible to restrict the data as described?
Thank you very much for your help
Thank you @lbendlin for the replies.
I see what is meant - thank you for clarification!
Use the standard Report level filter options and teach your users how to apply them and how to revert to the default (which should be their own focus area)
Good to know!
How is it possible to filter as described?
No. It is not possible to restrict as described. BUT - it is possible to allow the user to filter as described.
Thank you @lbendlin for the advice.
Maybe I am the only one here who doesn't understand, but it gives me no clue to proceed. It is not my job to rethink the requirements. I am just looking how to solve this as it is needed.
Let me re-formulate a little. Please forget RLS in this case (as it seems to be not right): Is it possible to restrict the access of the users as described above?
My advice for you is to rethink what you are trying to accomplish and if it helps your users or not.
Thank you for your reply.
To understand you correctly it means that it is not possible to restrict it as described, right?
Do you have any useful advice for the above situation?
No, this is the opposite of RLS. RLS is a restrictive approach, what you want is a permissive approach.
Nothing wrong with that by the way, unless your data is fiscally sensitive. In fact, we have ditched RLS in many of our reports in favor of the permissive approach where we give everyone a default view of their area of work AND the opportunity to see data outside of that. Best of both worlds, in my opinion. Definitely improves employee satisfaction when compared to RLS (which is mostly hated).