I'm really prolific this week. We're in the implementation stage of one project and the Development stage of another. I'm the sole Developer/Administrator.
My first project was pretty standard. This second one is a little more complex. They want basic Active Directory userPrincipalName() RLS to apply except if the cost center in the Usage table has a particular Program Tag. Our RLS security data is contained in a table called AccountGroupMapping and we link it via a dataflow to a table called PAS Group which contains the Active Directory Security group. That in turn links to a table called person which contains the PAS Group and the userPrincipalName.
Currently, there's only one ProgramTag in the Usage table. Eventually, there may be more, but there aren't expected to be a lot. I do have a message out to the DB Developer/Architect confirming that the security for this will never be more complex because otherwise the hierarchy for this could be a nightmare and I'd need to map it all out.
I've attached a screenshot of the data model for the pbix file, but I'd appreciate any ideas you might have for how to write the DAX expression for the roles.