cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
PabloMaldonado Regular Visitor
Regular Visitor

Dynamic RLS with USERPrincipalName

Dears,

I am using a basic dax expression "[Short UserId] = USERNAME()" and USERPRINCIPALNAME().

This is the table I am using:

Auth example.png

 

 

 

 

 

The relationship we have:

Auth Relations.png

 

When publishing the report on the Power BI Service the report is not reflecting the RLS. It is not filtering this simple example.

 

Could you help me to understand what am I doing wrong or how can I fix this incident?

 

Thanks in advance,

Kind regards,

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Dynamic RLS with USERPrincipalName

@PabloMaldonado the print screen is from the PBI Service? 

 

could you post the other? 

 

i asked you to post print of PBI service , and PBI Desktop.

 

Create a report page for each print... one inside the powerbi.com other into your envoirment PBI Desktop.

 

example: sometimes, inside your PBI desktop, the username could return mydomain\henrique.silveira inside the PBI Service henrique.silveira@mydomain.com

 

because this i want these 2 prints... if it till correcly you need make some changes to it works fine...

 

PS: When you have a edit permission into workspace, RLS doesn't apply for edit members... 

 

take a look:  https://docs.microsoft.com/en-us/power-bi/service-admin-rls

 

 

Using RLS with app workspaces in Power BI

If you publish your Power BI Desktop report to an app workspace within the Power BI service, the roles will be applied to read-only members. You will need to indicate that members can only view Power BI content within the app workspace settings.

 

Another question, have you Applied security filter in both directions?

 

 

PabloMaldonado Regular Visitor
Regular Visitor

Re: Dynamic RLS with USERPrincipalName

@henriquesilveir Thanks,

There it was. Test members had edit permissions within the Workspace.

The rest points were already verified and checked and everything seemed to be ok.

 

Working properly now after giving read-only membership.

Thanks for your quick responses.

Kind regards,

7 REPLIES 7

Re: Dynamic RLS with USERPrincipalName

@PabloMaldonado hello, i always use RLS, but for this case in specific i hope that you need create the security group. 

 

Take a look in this article it will help you! 

 

https://www.fourmoo.com/2018/02/20/dynamic-row-level-security-is-easy-with-active-directory-security...

 

 

PS: Is not necessary to create security group into 365. i do it using only the on premises security group into ad.

PabloMaldonado Regular Visitor
Regular Visitor

Re: Dynamic RLS with USERPrincipalName

Thanks for your answer.

Anyhow, I don't think that creating a group would solve the issue as I have already included those users (single users) in the Role in Power BI Service.

 

The thing is that I feel the RLS expression is not being recognised in the Power BI Service. When i do try the role in the desktop it works properly.

 

 

PabloMaldonado Regular Visitor
Regular Visitor

Re: Dynamic RLS with USERPrincipalName

Re: Dynamic RLS with USERPrincipalName

@PabloMaldonado OK. TIP for you. into your report in PBI service, use the dax which was created, and see what is returning to username and principalusername , perhaps, when you publish into service it could returning a different user for PBI Desktop and service!

 

Please, print the 2 cases here. the data of username and userprincipalname in PBI Service and Desktop

 

Waiting on you!

PabloMaldonado Regular Visitor
Regular Visitor

Re: Dynamic RLS with USERPrincipalName

@henriquesilveir , Yes, that's something i made already and it was providing the right expression

Call to the Dax expressions.png

Re: Dynamic RLS with USERPrincipalName

@PabloMaldonado the print screen is from the PBI Service? 

 

could you post the other? 

 

i asked you to post print of PBI service , and PBI Desktop.

 

Create a report page for each print... one inside the powerbi.com other into your envoirment PBI Desktop.

 

example: sometimes, inside your PBI desktop, the username could return mydomain\henrique.silveira inside the PBI Service henrique.silveira@mydomain.com

 

because this i want these 2 prints... if it till correcly you need make some changes to it works fine...

 

PS: When you have a edit permission into workspace, RLS doesn't apply for edit members... 

 

take a look:  https://docs.microsoft.com/en-us/power-bi/service-admin-rls

 

 

Using RLS with app workspaces in Power BI

If you publish your Power BI Desktop report to an app workspace within the Power BI service, the roles will be applied to read-only members. You will need to indicate that members can only view Power BI content within the app workspace settings.

 

Another question, have you Applied security filter in both directions?

 

 

PabloMaldonado Regular Visitor
Regular Visitor

Re: Dynamic RLS with USERPrincipalName

@henriquesilveir Thanks,

There it was. Test members had edit permissions within the Workspace.

The rest points were already verified and checked and everything seemed to be ok.

 

Working properly now after giving read-only membership.

Thanks for your quick responses.

Kind regards,

Helpful resources

Announcements
Community News & Announcements

Community News & Announcements

Get your latest community news and announcements.

Summit North America

Power Platform Summit North America

Register by September 5 to save $200

Virtual Launch Event

Microsoft Business Applications Virtual Launch Event

Watch the event on demand for an in-depth look at the new innovations across Dynamics 365 and the Microsoft Power Platform.

MBAS Gallery

Watch Sessions On Demand!

Continue your learning in our online communities.

Top Kudoed Authors
Users Online
Currently online: 381 members 3,156 guests
Please welcome our newest community members: