Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
tmcdevitt
Advocate II
Advocate II

RLS and overloading username() function to support multiple filter values

‎11-09-2017 07:57 AM

We're implementing embedded PowerBI reports for a client of our's using the "app owns data" model (i.e. we're using a service account to generate embed tokens and pass user context via the PBI REST API).

We're also leveraging RLS such that users will only be able to see data relevant to them.

An example of the payload we'd use in this case is:

 

{"accessLevel":"View","identities":[{"username":"foo@bar.com","roles":["Email"],"datasets":[<Dataset GUID>"]}]}

 

The problem is, some users actually need to be able to see not only their data but data for other users that are related to them. So, we figured we'd be able to overload the username() function by passing in a comma delimited string. So, something like this:

 

{"accessLevel":"View","identities":[{"username":"foo@bar.com, otheruser1@foo.com, otheruser2@foo.com","roles":["Email"],"datasets":[<Dataset GUID>"]}]}

 

Then, in our Role definition for "Email", we'd have something along the lines of:

 

[email] in {
    username()
}

 

However, this isn't working for us. Our reports don't break, they just don't filter properly.

Interestingly, if we do something like this:

 

[email] in {
   "foo@bar.com","otheruser1@foo.com","otheruser2@foo.com"
}

 

It actually works perfectly. So, we figured it was something about the way "username()" was returning the string. To make sure there wasn't anything wacky with it, we spit the results of username() into a Card and the resulting string looks exactly as we'd expect it to (i.e. it looks like the literal above that works).

 

We tried assigning the return value of username() to a variable, substituting in some double quotes and such to try to force the string to be what we wanted and that didn't matter either...

 

[email] in {
var rawUsername = username()
var cleanUsername = substitute(rawUsername, ",", """,""")
return cleanUsername
}

 

Anyway, what we're trying to accomplish doesn't sound crazy but we just can't get this to work the way we want it. We assume there's some sort of magic going on in the username() function that we're just not understanding.

 

Any help would be much appreciated.

 

- Terence

Labels:
Message 1 of 7
2,707 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Employee
Employee

‎11-09-2017 10:34 PM

@tmcdevitt

AFAIK, it is not possible to overload the username(0 function. You may have to apply below workaround when modeling in Power BI desktop.

 

Maintain a mapping table as below.

Capture.PNG

 

Create relationship as below.

Capture.PNG

 

Apply RLS to Table RLSUsers and assign user(User1, User2) when generate embed token.

View solution in original post

Message 2 of 7
2,960 Views
0
6 REPLIES 6
helkynCoello
Regular Visitor

‎02-12-2020 03:07 PM

hello

 

I had the same issue: I need to filter by powerBI report for a user to view just data for certain offices; and this worked for me:

 

1) in power bi desktop--> Manage roles, out this expression:

 

PATHCONTAINS(
var pList = USERNAME()
return pList
,[officeID]
)

 

2) then when invoking the embedtoken endpoint from power bi api , i pass the list of offices like this: "1|4|52|12"

 

Works really nice..hope it helps!

 

Helkyn C

Message 4 of 7
1,961 Views
Elsheba
Frequent Visitor
In response to helkynCoello

‎04-28-2023 09:46 AM

This solution was exactly what we needed. Thank you so much! 

Message 7 of 7
473 Views
0
kjmusser4635678
Frequent Visitor
In response to helkynCoello

‎02-08-2022 02:29 PM

This should be the "solved" answer, it is not true there is no solution, this works !

Message 6 of 7
1,013 Views
0
Surya9
Helper V
Helper V
In response to helkynCoello

‎09-20-2021 09:51 AM

@helkynCoello This is what i was looking for

 

Message 5 of 7
1,265 Views
0
peytonmcbrayer
Advocate I
Advocate I

‎06-21-2018 02:42 PM

I am trying to achieve the exact same thing, and I have the same issue. I don't know why this is marked as resolved.   Did you come up with an actual working solution?   I've tried everything.   If I put a hard-coded list of data in the user role filter, it works fine, but if I try to wrap the username() function in brackets, the RLS filter does not work at all.   I did try to use the filter with a single item plugged into the "Other User" field in "View as Role" in PBI desktop, with NO QUOTES, and it works fine.   There must be something with how the username() function is interpreted in the DAX expression that breaks it....  

Message 3 of 7
2,507 Views
0
Eric_Zhang
Employee
Employee

‎11-09-2017 10:34 PM

@tmcdevitt

AFAIK, it is not possible to overload the username(0 function. You may have to apply below workaround when modeling in Power BI desktop.

 

Maintain a mapping table as below.

Capture.PNG

 

Create relationship as below.

Capture.PNG

 

Apply RLS to Table RLSUsers and assign user(User1, User2) when generate embed token.

Message 2 of 7
2,961 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All