Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.

Dynamic RLS with USERPrincipalName

Submitted by Anonymous on ‎10-25-2018 08:19 AM

hi guys

 

I am having some trouble with getting Dynamic RLS to work. 

 

I have created a table with all Usernames that I have related to a table with usernames and costcenters. This table is then related to the Dim Costcentertable, which is related to the fact tables. 

 

datamodel.PNG

 

 

 

I have with some borrowing from Radacad put in a second dimension (SeeALL) which I use to overwrite the PrincipalName filter for some individuals who should see all cost centers.

In the RLS filter I have the following DAX code:

If(
MaxX(
Filter(
Users,
'Users'[Username]=USERPRINCIPALNAME())
,'Users'[SeeAll])=0,
max('Users'[Username])=USERPRINCIPALNAME(),
1=1
)

 

The main problem is that it is not working, users on the User list can't get access to see anything in the app.

 

Furtermore the testing in the desktop is not really working either. It seems to only acknowledge myself as a User and everybody else can see everything when I enter their username in "view as roles" function:

 

use as roles.PNG 

 

so why is the testing giving another result (see everything = no filter) than the app in the service (no access, see belowSmiley Happy

 

error report.jpg

I have already tried to skip the above DAX code and just write:

 

Users[Username] = Userprincipalname() This gives me the same result.. which I find quite odd.

 

 

Is there something wrong with the RLSfunction or am I doing something wrong? 

Status: New
See more ideas labeled with:
6 Comments (6 New)
Comments
v-qiuyu-msft
Community Support
Community Support
‎10-26-2018 12:34 AM

Hi @Anonymous,

 

1. When you test the role as another user, please select the role (in your scenario, it's Users), and Other User, then type desired user to test his/her data. 

 

2. When you click on See Details on the last image, what's the detail information? 

 

After you publishing the report to Power BI service, any users access the report needs to be the members of RLS roles as long as the dataset related to the report have any RLS role.  Please follow this article to check your settings on Power BI service. 

 

Best Regards,
Qiuyun Yu 

Anonymous
Not applicable
‎10-26-2018 02:05 AM

Thanks, I found it out myself.. and you are right I didn't check both boxes. RLS is not that well documented in my opinion: https://docs.microsoft.com/da-dk/power-bi/service-admin-rls

 

The other error was my Dax code, the Max function was not just unnecessary it actually caused an error with the data. Just couldn't check it myself since I didn't check both boxes when signing in as a user to test.

 

Thanks

 

 

 

v-qiuyu-msft
Community Support
Community Support
‎10-28-2018 10:50 PM

Hi @Anonymous,

 

From your description, it looks like the issue is resolved now, right? If it is, may I close this thread? 

 

Best Regards,
Qiuyun Yu 

Anonymous
Not applicable
‎10-29-2018 01:55 AM

@v-qiuyu-msft 

Hi again

 

Unfortunately not quite. When I test in the deskptop the RLS works like a charm, but when the real users log in on the app they get the below: Any idea to what can be wrong??

 

error report.jpg 

Anonymous
Not applicable
‎10-30-2018 12:11 AM

@v-qiuyu-msft 

 

Should I post a new issue?

 

 

v-qiuyu-msft
Community Support
Community Support
‎11-05-2018 12:34 AM

Hi @Anonymous,

 

It looks like the issue only occurs on Power BI service rather than Power BI desktop. 

 

Please ensure the users access the report on Power BI service are members of RLS role: https://docs.microsoft.com/en-us/power-bi/service-admin-rls#working-with-members

 

If you don't want the RLS role apply to some users, you can create another RLS role without any filter specified, then add those users as members of this new RLS role. 

 

Best Regards,
Qiuyun Yu

Idea Statuses