Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
JohnLow
Helper I
Helper I

Row Level Security Question

‎03-19-2021 05:38 AM

Hi,

 

I'm new to RLS and need a little help. I've 3 tables Users, Network and Sales. Users has a relationship to Network which in turn has a relationship to Sales. Users have 3 roles: Network User, Admin and Finance. Admin and Finance should be able to see everything in the Sales table whereas the network user should only see what they have been assigned via the network table. I'm a little unsure as to whether I need to create a seperate role for all 3 roles. I've created a network role which seems to be function ok but would like that the finance and admin role override the network role and am unsure how to do that. 

I've included the the pbix file here

 

Thanks for the support. 

 

 

Labels:
Message 1 of 16
1,048 Views
0
1 ACCEPTED SOLUTION
sayaliredij
Super User
Super User

‎03-22-2021 06:21 AM

Hi @JohnLow 

 

Could you try applying a security filter

 

sayaliredij_1-1616419193798.png

I tried at my end and it works

 

For Finance user - everything is visible and for network user - only data related to him

 

sayaliredij_0-1616419148346.png

 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




View solution in original post

Message 14 of 16
839 Views
15 REPLIES 15
sayaliredij
Super User
Super User

‎03-22-2021 06:58 AM

@JohnLow  - Did it help? I was curious if I missed any thing





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 15 of 16
834 Views
JohnLow
Helper I
Helper I
In response to sayaliredij

‎03-22-2021 07:23 AM

@sayaliredij , great, thanks for your support.

Message 16 of 16
830 Views
0
sayaliredij
Super User
Super User

‎03-22-2021 06:21 AM

Hi @JohnLow 

 

Could you try applying a security filter

 

sayaliredij_1-1616419193798.png

I tried at my end and it works

 

For Finance user - everything is visible and for network user - only data related to him

 

sayaliredij_0-1616419148346.png

 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 14 of 16
840 Views
sayaliredij
Super User
Super User

‎03-22-2021 02:30 AM

@JohnLow 

 

Could you check this file 

 

sorry I missed that the connection between Network and sales was one way

 

I enabled the following setting and then it worked

 

sayaliredij_0-1616405429521.png

 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 12 of 16
857 Views
JohnLow
Helper I
Helper I
In response to sayaliredij

‎03-22-2021 06:13 AM

@sayaliredij , thanks again. I just realised that the relationship between network and sales is many to many. I should have been clearer in my model. I've attached the file again. Sorry for the confusion. 

 

File 

Message 13 of 16
842 Views
0
sayaliredij
Super User
Super User

‎03-21-2021 10:13 PM

Please try uploading this file and see if it works 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 11 of 16
877 Views
sayaliredij
Super User
Super User

‎03-21-2021 10:13 PM

@JohnLow  It seems DAX provided by you is not handling all the scenarios. I think we don't need to add 2 DAX in sales and user

 

I added only one DAX - 

 

sayaliredij_0-1616389457405.png

and when I view it as 

 

sayaliredij_1-1616389492958.png

I see all the data 

 

sayaliredij_3-1616389806962.png

also check the file 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 9 of 16
877 Views
0
JohnLow
Helper I
Helper I
In response to sayaliredij

‎03-22-2021 01:52 AM

@sayaliredij Thank you for the support but this doesn't handle the scenarios for the network users. For example, Justin below (UserID 4) should only see the first 2 rows of the table below, he shouldn't see the row with network name, Sparkling Socials. 

 

Capture123.JPG

Message 10 of 16
861 Views
0
JohnLow
Helper I
Helper I

‎03-20-2021 03:37 PM

Hi, could anyone help me a little further here? The RLS works fine for Network users, but all other users don't see anything and they should see everything. Here's the file: FILE 

 

Thanks again. 

Message 8 of 16
890 Views
0
sayaliredij
Super User
Super User

‎03-19-2021 06:48 AM

In case you don't want to use 2 roles

 

you can use the following DAX for the user table 

 

If(MaxX(
Filter(
Users,
Users[Username] = Username())
,Users[Role])= "Network user",
Users[Username] = Username(),
1=1
)





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 3 of 16
1,009 Views
0
JohnLow
Helper I
Helper I
In response to sayaliredij

‎03-19-2021 07:23 AM

@sayaliredij Thanks. I have a similar DAX statement for my network role in the pbix file above. This works ok. I'm just wondering do I need another role. Could you have a look at the pbix file attached please?

[NetworkID] IN
SELECTCOLUMNS (
    FILTER (
        Network,
        Network[UserId]
            = LOOKUPVALUE ( Users[UserID], Users[UserName], USERPRINCIPALNAME() )
    ),
    "NetworkID", [NetworkID]
)

 

Message 4 of 16
994 Views
0
sayaliredij
Super User
Super User
In response to JohnLow

‎03-19-2021 11:28 AM

I think one role with DAX above should be sufficient. I checked pbix file attached and tried with only one role and viewing it as different username as mentioned in the Users Table  and I was getting expected result 





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 6 of 16
956 Views
0
JohnLow
Helper I
Helper I
In response to sayaliredij

‎03-19-2021 02:48 PM

@sayaliredij, I'm not sure. If I add for example, Leah, a non network user to the network group online, she doesn't see everything. She should see everything. 

Capture1.JPG

If I test with Leah, a non network user, she doesn't see anything in the table:

 

Capture2.JPG

 

Message 7 of 16
940 Views
0
JohnLow
Helper I
Helper I
In response to JohnLow

‎03-19-2021 09:17 AM

Ideally what I would like is one role. I would create a new column in the Users table with an override flag. 

OverRideFlag = IF(
	ISERROR(
		SEARCH("Network", Users[Role])
	),
	"Y",
	"N"
)

 The DAX would then say, if User is a network user(override flag = no) follow the DAX in message 4  above, if not (override flag = yes) access everything in the Sales table. I could then add the everyone group to the powerbi online service and then it would filter automatically? The only manual work I would have to do is to share the report. 

Would be great if you could help me with the DAX, thanks again.

Message 5 of 16
966 Views
0
sayaliredij
Super User
Super User

‎03-19-2021 06:30 AM

You can create 2 roles 

1. Admin Role - where you can put all the people who would have access to all numbers 

2. Network role with DAX Formule = [Username] = USERNAME()

 

In power bi service while defining RLS configuration for Admin Role - you can put all the people from administrator and finance and for other network role - people from network departments (all other people)





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!




Message 2 of 16
1,016 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All