Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
We have a problem with our RLS whereby it is working for some users and not others, for these it is displaying all records unfiltered.
All users have the same permission level for the Workspace and they are all in the same role (and they are not duplicated across roles either). Also, this issue is across multiple Workspaces and datasets.
I've removed the workspace, recreated it, etc. as still the problem persists.
Any other suggestions would be greatly appreciated as Google has let me down 😊
Hi
Thanks for the reply (and apolgies for not getting back sooner)
The users have the same permissions level in the WS (viewer) and are in the same RLS security group.
There are 2 different datasets in the WS and the problem persists for the same users across dataset
Do you have an RLS role that can view everything? What's the DAX expression that defines it?
It passes userprinciplename to the users name (code below)
There is a role that sees everything. This doesn't have any filters applied.
DAX
I suggest you create a table in a new report page with each user's UPN and then a column with that DAX expression. Publish it in the service to see the UPN resolve to emails.
That sheds a little more light on the situation. The problem users are returning my name and, as I'm in the see all group, they can then see all.
Why would this happen for some users and not all of them? Could it be how their profile is set up?
Yeah I'd review these users' profiles in AAD and how they're different from those that work as expected.
Just sat with the IT team and compared AAD profiles and there's nothing discernably different between the two.
What happens if you just use USERPRINCIPALNAME() as the DAX expression for the "see all" profile instead of your conditional logic?
Did you add them to the workspace with a role other than "Viewer", if yes, that would overwrite the RLS. Only "Viewer" works with RLS.
This is the most likely explanation. I blame Microsoft for defaulting to Member when you add users to a workspace.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.