Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
bigrods
Helper II
Helper II

Row Level Security - access based on Job Role

‎10-04-2022 06:43 AM

Hi All,

 

I wondered if someone could please help: I am creating a report of staff data that has a table of absences that lists both annual leave and sickness; I'd like to restrict the Sickness data in there to people with certain job roles.

 

I have 3 tables: Staff, Assignment & Absence

 

Staff is all staff details, with email address

Assignment is the job role details for each staff member (a staff member could be seconded etc so may have multiple entries in here)

Absence lists all absences (annual leave, sickness etc).

 

I'd like it so that: Only Staff members with the Job Role of "Board Level Director" or "Chief Executive" can see everything in the Absence table (Annual Leave and Sickness), whereas everyone else can only see Annual Leave data. I've included the email address as it'd be something to do with userprincipalname() but not sure quite how to implement it.

 

In the example below, Linda, Susie and Sharon would be able to view all 4 records in the Absence table, but Jim would only be able to view the Annual Leave rows because of his "Dentist" job role.

 

Any thoughts or help would be gratefully received!

 

Staff

PersonIDNameEmail
2919834Lindalinda@job.com
21289404Susiesusie@job.com
2920048Sharonsharon@job.com
16339670Jimjim@job.com

 

Assignment

AssignmentIDPersonIDJob Role
1234562919834Chief Executive
45678921289404Board Level Director
9876542920048Board Level Director
65432116339670Dentist

 

Absence

AbsenceIDPersonIDAbsenceTypeDays Lost
784512258369Sickness1
326598968574Annual Leave3
876521238511Sickness5
653239258369Annual Leave2
Labels:
Message 1 of 7
616 Views
0
2 ACCEPTED SOLUTIONS
v-yalanwu-msft
Community Support
Community Support

‎10-04-2022 08:09 PM

Hi, @bigrods ;

You could create a [Key] column in 'staff ' and 'Absence' table ; then create a relationship.

1.create a key column in 'staff ' table by dax.

Key = IF( RELATED(Assignment[Job Role]) in { "Board Level Director","Chief Executive"},"A","B")

vyalanwumsft_1-1664938965587.png

2.create a key column in 'Absence ' table by dax.

vyalanwumsft_2-1664939007889.png

3.create a relationship.

vyalanwumsft_3-1664939039547.png

Then use USERPRINCIPALNAME() to implement Rls.

vyalanwumsft_4-1664939108851.png

the final show:

If I am Jim:

vyalanwumsft_5-1664939208269.png

If i am Lina 

vyalanwumsft_6-1664939315799.png

vyalanwumsft_7-1664939361498.png


Best Regards,
Community Support Team _ Yalan Wu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

 

How to get your questions answered quickly -- How to provide sample data

View solution in original post

Message 2 of 7
569 Views
0
bigrods
Helper II
Helper II

‎10-06-2022 10:23 AM

@v-yalanwu-msft 

 

I have managed to get this working; I've had a play around and joined the Staff and Assignment table together to make StaffAssignment.

I've then duplicated the Absence table and filtered the copy just by Sickness data to make a "Sickness" table. I then joined this to the StaffAssignment table by the Key field on both tables and this now works.

Thanks for the input

View solution in original post

Message 6 of 7
535 Views
0
6 REPLIES 6
bigrods
Helper II
Helper II

‎10-06-2022 10:23 AM

@v-yalanwu-msft 

 

I have managed to get this working; I've had a play around and joined the Staff and Assignment table together to make StaffAssignment.

I've then duplicated the Absence table and filtered the copy just by Sickness data to make a "Sickness" table. I then joined this to the StaffAssignment table by the Key field on both tables and this now works.

Thanks for the input

Message 6 of 7
536 Views
0
v-yalanwu-msft
Community Support
Community Support
In response to bigrods

‎10-10-2022 08:11 PM

Hi, @bigrods ;

Very happy to hear your problem solved; You can mark my reply in order to close the case to help people with similar questions to find answers. Thank you!


Best Regards,
Community Support Team _ Yalan Wu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

How to get your questions answered quickly -- How to provide sample data
Message 7 of 7
526 Views
0
v-yalanwu-msft
Community Support
Community Support

‎10-06-2022 02:49 AM

Hi, @bigrods ;

Both one-to-one and one-to-many relationships are okay, because only the direction of filtering is considered, filtered by the employee table to the Assignment table;

Second, why the key column was created is to create a connection between the two tables, in order to achieve the connection with the staff employee table, in order to judge who can see and who can't see.


Best Regards,
Community Support Team _ Yalan Wu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

How to get your questions answered quickly -- How to provide sample data
Message 4 of 7
551 Views
0
bigrods
Helper II
Helper II
In response to v-yalanwu-msft

‎10-06-2022 03:41 AM

@v-yalanwu-msft 

 

The first dax statement doesn't work as there is a one-to-many relationshp between Staff and Assignment:

 

bigrods_0-1665050472696.png

This is the relationship:

bigrods_1-1665050554140.png

 

Secondly, what is the Dax for the Absence table? I assume it's

if(AbsenceType="Sickness","A","B")

 

Finally, what are you proposing the relationship between Staff and Absence is on? Is it the Key column? There is already a relationship that exists based on PersonID

 

Thanks

Message 5 of 7
546 Views
0
v-yalanwu-msft
Community Support
Community Support

‎10-04-2022 08:09 PM

Hi, @bigrods ;

You could create a [Key] column in 'staff ' and 'Absence' table ; then create a relationship.

1.create a key column in 'staff ' table by dax.

Key = IF( RELATED(Assignment[Job Role]) in { "Board Level Director","Chief Executive"},"A","B")

vyalanwumsft_1-1664938965587.png

2.create a key column in 'Absence ' table by dax.

vyalanwumsft_2-1664939007889.png

3.create a relationship.

vyalanwumsft_3-1664939039547.png

Then use USERPRINCIPALNAME() to implement Rls.

vyalanwumsft_4-1664939108851.png

the final show:

If I am Jim:

vyalanwumsft_5-1664939208269.png

If i am Lina 

vyalanwumsft_6-1664939315799.png

vyalanwumsft_7-1664939361498.png


Best Regards,
Community Support Team _ Yalan Wu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

 

How to get your questions answered quickly -- How to provide sample data
Message 2 of 7
570 Views
0
bigrods
Helper II
Helper II
In response to v-yalanwu-msft

‎10-05-2022 01:03 AM

Hi @v-yalanwu-msft ,

 

Thanks for the reply; I'm not sure the solution works, as the relationship between Staff and Assigment (based on PersonID) is one-to-many - a Staff member could have multiple assignments. (apologies, my sample data didn't take this into account)

So I can't quite get the first Dax statment to create the Key column in the Staff table to work, would there be anything else that might work?

Many thanks for your time!

Message 3 of 7
564 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All