Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
WEtapForPregame
Regular Visitor

RLS for guest accounts that are personal email addresses not matching what is in AAD or guest users

‎08-15-2022 08:14 AM

We have this working now, but only by having the guest tell us what shows up on a tool we created that displays the userprincipalname() when they go to the Power BI report.

 

We have guests that mostly use a gmail.com email addresses.

 

We have seen these prefixes live.com# and mail# to the user email address, when calling userprincipalname().

 

We were expecting to see this user with (User Principal Name) XXXXXXXXX_gmail.com#EXT#@PregameCom.onmicrosoft.com email address XXXXXXXXXX@gmail.com but instead we see mail#xxxxxxxxxx@gmail.com

 

What confused us the most was another gmail user with (User Principal Name) yyyyyyyyyyyy_gmail.com#EXT#@PregameCom.onmicrosoft.com email address YYYYYYYYYYYY@gmail.com but instead we see live.com#yyyyyyyyyyy@gmail.com

 

We orginally had the user principal name for the RLS it didn't work. We have since changed it to mail#xxxxxxxxxxx@gmail.com, and it's working now.

 

The RUB what should we use for the prefix so that it works the first time for external users that we invite as guest viewers of the data?  It's a horrible experence right now, as many of the guests are not techincal.

-Todd

Labels:
Message 1 of 7
1,225 Views
6 REPLIES 6
buhari91
Frequent Visitor

‎11-23-2022 11:45 AM

I was in the same boat and below solution worked for me: @WEtapForPregame 

[userprincipalname] = USERPRINCIPALNAME() || CONTAINSSTRING(USERPRINCIPALNAME(), [mail]) && NOT(ISBLANK([mail]))

where [userprincipalname] and [mail] is the column on RLS table. 

Please accept it as solution if it resolves your issue.
Thank you

Message 6 of 7
1,013 Views
emoroz
Frequent Visitor
In response to buhari91

‎01-12-2023 04:56 PM

could you help me understand what this is doing? 

Message 7 of 7
851 Views
0
v-zhangti
Community Support
Community Support

‎08-21-2022 11:18 PM

Hi, @WEtapForPregame 

 

Please refer to the following links in the hopes of helping you.

Solved: RLS for External guest users - Microsoft Power BI Community

Row Level Security with SSAS Tabular Live Connection in Power BI - RADACAD

Solved: Dynamic RLS - Microsoft Power BI Community

 

Best Regards,

Community Support Team _Charlotte

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 4 of 7
1,126 Views
WEtapForPregame
Regular Visitor
In response to v-zhangti

‎08-22-2022 06:48 AM

@v-zhangti 

 

I believe we read someplace, that to make sure it's secure we must use the User Principal Name, an not any other attibute for RLS.  So the expected value returned the User Principal Name of a guest user that we've invited could be any text followed by a # then their email address?  If we remove everything from the beginning to the # and evaluate that to the email address we used to invite them, that is recommended?

 

It would be super helpful to the community I believe if someone from Microsoft could comment on the behavior of the User Principal Name for guest users.  Specifically when it comes to personal accounts, and these observed prefixes,  mail# & live.com# I don't know if there are more but that is what we've seen so far.

 

-Todd

Message 5 of 7
1,113 Views
WEtapForPregame
Regular Visitor

‎08-15-2022 03:08 PM

I hope someone from Microsoft can answer if this is the expected result, or is this a bug.

 

 

Message 3 of 7
1,176 Views
GilbertQ
Super User
Super User

‎08-15-2022 02:55 PM

Hi @WEtapForPregame 

 

I have also had this challenge in the past and what I did in PowerQuery was to have both options in my RLS table. This allowed it to work no matter which way it is returned.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 7
1,182 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All