cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Lee_D2022
Regular Visitor

RLS Only Works For Some Users

We have a problem with our RLS whereby it is working for some users and not others, for these it is displaying all records unfiltered.

 

All users have the same permission level for the Workspace and they are all in the same role (and they are not duplicated across roles either).   Also, this issue is across multiple Workspaces and datasets.

 

I've removed the workspace, recreated it, etc. as still the problem persists.

 

Any other suggestions would be greatly appreciated as Google has let me down  😊

10 REPLIES 10
Lee_D2022
Regular Visitor

Hi

 

Thanks for the reply (and apolgies for not getting back sooner)

 

The users have the same permissions level in the WS (viewer) and are in the same RLS security group.

 

There are 2 different datasets in the WS and the problem persists for the same users across dataset

Do you have an RLS role that can view everything? What's the DAX expression that defines it?

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
More tips and guidance in my Power BI architecture and development blog

It passes userprinciplename to the users name (code below)

There is a role that sees everything.  This doesn't have any filters applied.

DAX

Username =
var atpos = iferror(search("@",USERPRINCIPALNAME()),0)
return
if(atpos > 0,SUBSTITUTE(left(USERPRINCIPALNAME(),atpos-1),"."," "),"Error")

I suggest you create a table in a new report page with each user's UPN and then a column with that DAX expression. Publish it in the service to see the UPN resolve to emails.

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
More tips and guidance in my Power BI architecture and development blog

That sheds a little more light on the situation.  The problem users are returning my name and, as I'm in the see all group, they can then see all.

 

Why would this happen for some users and not all of them?  Could it be how their profile is set up?

Yeah I'd review these users' profiles in AAD and how they're different from those that work as expected.

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
More tips and guidance in my Power BI architecture and development blog

Just sat with the IT team and compared AAD profiles and there's nothing discernably different between the two.

What happens if you just use USERPRINCIPALNAME() as the DAX expression for the "see all" profile instead of your conditional logic?

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
More tips and guidance in my Power BI architecture and development blog
Tutu_in_YYC
Memorable Member
Memorable Member

Did you add them to the workspace with a role other than "Viewer", if yes, that would overwrite the RLS. Only "Viewer" works with RLS.

This is the most likely explanation. I blame Microsoft for defaulting to Member when you add users to a workspace.

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
More tips and guidance in my Power BI architecture and development blog

Helpful resources

Announcements
August 1 episode 9_no_dates 768x460.jpg

The Power BI Community Show

Watch the playback when Priya Sathy and Charles Webb discuss Datamarts! Kelly also shares Power BI Community updates.

Power BI Dev Camp Session 24 without aka link and time 768x460.jpg

Ted's Dev Camp - July 28, 2022

Watch Session 24 of Ted's Dev Camp along with past sessions!

Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

Top Solution Authors