matdub40
Helper II

RLS does not work in Power BI

I have a database stored in SSMS Analysis Services that feeds a Power BI file that is located in app.powerbi.com.
This report shows sales by region. I would like to give store employees access to this report but have them only see sales from their own store.

 

For this I added a table Y2_StoreEmployee with the store number and the store email and linked it to the table Y2_Store:

[Screenshot: model relationship between Y2_StoreEmployee and Y2_Store]

 

I created a Stores role in read mode and I put the DAX formula =Y2_StoreEmployee[email]=USERPRINCIPALNAME() in the Y2_StoreEmployee table.

 

I have a group in Azure that allows me to add the emails and give them access to the application and thus to the report.
However, when I connect with a store's email address I still have access to all the data. Is there a parameter that is missing? I did follow the Microsoft documentation.

 

Thank you for your help

 

1 ACCEPTED SOLUTION
ibarrau
Super User

Hi there. I can think of two things. First, be sure that the role you have created only has the "reader" box checked. Second, the users with RLS can only be Viewers in the Power BI workspace. If either of those two has more privileges, then they will see it all.

Just to clarify, the users can't be Analysis Services Server Admins or they will see it all again.

I hope that helps,



2 REPLIES

Thank you very much for your answer! @ibarrau 
Indeed, the members of the BI group in Azure were owners of the workspace so they could see everything.
I just made the change by putting the email as the workspace viewer and it works!

What is the best thing to do, given that there is the workspace, the application, and in this application my Power BI report, which must be filtered? Where should the viewer permission be put?

Maybe add them as a reader of the report and send them the link?
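
An added example, not part of the original thread: the accepted answer and the follow-up attribute the unfiltered view to workspace roles above Viewer, so this script audits a workspace access list for such principals. It assumes input in the shape of the Power BI REST API "Get Group Users" response; the sample data, the RLS_USERS list and the function name audit_rls_bypass are constructed for illustration.

```python
import json

# Constructed sample in the shape of the Power BI REST API "Get Group Users"
# response (GET /v1.0/myorg/groups/{groupId}/users). All names are invented.
SAMPLE_WORKSPACE_USERS = json.loads("""
{"value": [
  {"displayName": "BI Stores", "identifier": "00000000-0000-0000-0000-000000000001",
   "principalType": "Group", "groupUserAccessRight": "Admin"},
  {"displayName": "Store 12", "emailAddress": "store12@example.com",
   "identifier": "store12@example.com", "principalType": "User",
   "groupUserAccessRight": "Viewer"},
  {"displayName": "Store 17", "emailAddress": "Store17@Example.com",
   "identifier": "Store17@Example.com", "principalType": "User",
   "groupUserAccessRight": "Contributor"}
]}
""")

# Constructed list of addresses that the Stores RLS role is expected to filter.
RLS_USERS = ["store12@example.com", "store17@example.com", "store20@example.com"]


def audit_rls_bypass(workspace_users, rls_users):
    """Return (principal, access right, reason) for roles above Viewer."""
    expected = {u.lower() for u in rls_users}
    findings = []
    for p in workspace_users.get("value", []):
        right = p.get("groupUserAccessRight", "")
        if right in ("Viewer", "None"):
            continue  # per the accepted answer, RLS users must be Viewers
        name = p.get("emailAddress") or p.get("displayName") or p.get("identifier") or ""
        if p.get("principalType") == "Group":
            # Membership is not part of this response, so flag for manual review.
            findings.append((name, right, "group: check whether store users are members"))
        elif name.lower() in expected:
            findings.append((name, right, "RLS user sees unfiltered data"))
    return findings


if __name__ == "__main__":
    for name, right, reason in audit_rls_bypass(SAMPLE_WORKSPACE_USERS, RLS_USERS):
        print(f"{right:12} {name}: {reason}")
```

The group finding corresponds to the case reported in the thread, where the Azure group holding the store addresses had an owner-level role on the workspace.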
