Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Lee_D2022
Regular Visitor

RLS Only Works For Some Users

‎06-23-2022 07:12 AM

We have a problem with our RLS whereby it is working for some users and not others, for these it is displaying all records unfiltered.

 

All users have the same permission level for the Workspace and they are all in the same role (and they are not duplicated across roles either).   Also, this issue is across multiple Workspaces and datasets.

 

I've removed the workspace, recreated it, etc. as still the problem persists.

 

Any other suggestions would be greatly appreciated as Google has let me down  😊

Labels:
Message 1 of 11
448 Views
0
10 REPLIES 10
Lee_D2022
Regular Visitor

‎06-28-2022 02:43 AM

Hi

 

Thanks for the reply (and apolgies for not getting back sooner)

 

The users have the same permissions level in the WS (viewer) and are in the same RLS security group.

 

There are 2 different datasets in the WS and the problem persists for the same users across dataset

Message 4 of 11
363 Views
0
otravers
Community Champion
Community Champion
In response to Lee_D2022

‎06-28-2022 05:17 AM

Do you have an RLS role that can view everything? What's the DAX expression that defines it?

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
BI Blog: Datamarts | RLS/OLS | Dev Tools | Languages | Aggregations | XMLA/APIs | Field Parameters | Custom Visuals
Message 5 of 11
353 Views
0
Lee_D2022
Regular Visitor
In response to otravers

‎06-28-2022 05:27 AM

It passes userprinciplename to the users name (code below)

There is a role that sees everything.  This doesn't have any filters applied.

DAX

Username =
var atpos = iferror(search("@",USERPRINCIPALNAME()),0)
return
if(atpos > 0,SUBSTITUTE(left(USERPRINCIPALNAME(),atpos-1),"."," "),"Error")
Message 6 of 11
350 Views
0
otravers
Community Champion
Community Champion
In response to Lee_D2022

‎06-28-2022 05:46 AM

I suggest you create a table in a new report page with each user's UPN and then a column with that DAX expression. Publish it in the service to see the UPN resolve to emails.

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
BI Blog: Datamarts | RLS/OLS | Dev Tools | Languages | Aggregations | XMLA/APIs | Field Parameters | Custom Visuals
Message 7 of 11
345 Views
Lee_D2022
Regular Visitor
In response to otravers

‎06-28-2022 08:03 AM

That sheds a little more light on the situation.  The problem users are returning my name and, as I'm in the see all group, they can then see all.

 

Why would this happen for some users and not all of them?  Could it be how their profile is set up?

Message 8 of 11
336 Views
0
otravers
Community Champion
Community Champion
In response to Lee_D2022

‎06-28-2022 08:07 AM

Yeah I'd review these users' profiles in AAD and how they're different from those that work as expected.

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
BI Blog: Datamarts | RLS/OLS | Dev Tools | Languages | Aggregations | XMLA/APIs | Field Parameters | Custom Visuals
Message 9 of 11
335 Views
0
Lee_D2022
Regular Visitor
In response to otravers

‎06-30-2022 07:10 AM

Just sat with the IT team and compared AAD profiles and there's nothing discernably different between the two.

Message 10 of 11
290 Views
0
otravers
Community Champion
Community Champion
In response to Lee_D2022

‎06-30-2022 07:15 AM

What happens if you just use USERPRINCIPALNAME() as the DAX expression for the "see all" profile instead of your conditional logic?

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
BI Blog: Datamarts | RLS/OLS | Dev Tools | Languages | Aggregations | XMLA/APIs | Field Parameters | Custom Visuals
Message 11 of 11
287 Views
0
Tutu_in_YYC
Resident Rockstar
Resident Rockstar

‎06-23-2022 07:26 AM

Did you add them to the workspace with a role other than "Viewer", if yes, that would overwrite the RLS. Only "Viewer" works with RLS.

Message 2 of 11
438 Views
otravers
Community Champion
Community Champion
In response to Tutu_in_YYC

‎06-23-2022 07:38 AM

This is the most likely explanation. I blame Microsoft for defaulting to Member when you add users to a workspace.

------------------------------------------------
1. How to get your question answered quickly - good questions get good answers!
2. Learning how to fish > being spoon-fed without active thinking.
3. Please accept as a solution posts that resolve your questions.
------------------------------------------------
BI Blog: Datamarts | RLS/OLS | Dev Tools | Languages | Aggregations | XMLA/APIs | Field Parameters | Custom Visuals
Message 3 of 11
411 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All