Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Row Level Security LWS

‎01-20-2022 02:03 AM

Hi All,

We have implemented Dynamic Row Level Security in our report and published in app services but whenever the user is accessing the report ,he is able to see the entire data and not the restricted one which we have created as RLS in our report. The user can only see his data(restricted data) by applying security at the dataset. Do we have any option to implements RLS for the user without applying security at the dataset in power bi service ?

 

 

Thanks,

Raghu

Labels:
Message 1 of 15
1,767 Views
0
3 ACCEPTED SOLUTIONS
Greg_Deckler
Super User
Super User

‎01-20-2022 03:17 AM

@Anonymous You have to add the user into an RLS role at the dataset. With Dynamic RLS that is generally a role that implements a filter on a security table like [Email] = USERPRINCIPALNAME()


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...

View solution in original post

Message 2 of 15
1,718 Views
0
Greg_Deckler
Super User
Super User
In response to Anonymous

‎01-20-2022 04:58 AM

@Anonymous 

(1) Dynamic Hierarchical Row Level Security - Microsoft Power BI Community

So, you generally have a table like the following:

Email

gdeckler@gmail.com

hank@gmail.com

 

etc.

You create a Role (RLS role) and the role has an expression like:

[Email] = USERPRINCIPALNAME

 

Meaning that users in this Role can only see their own row. This row is then linked (related) to the rest of your data in your other tables meaning that only related rows to this single row are visible to the person in the RLS role.

 

You publish the dataset. Then, in the Security for the dataset in the Service you add users to this Role. Now, when they view reports based on the dataset, they only see their own information. Now, the caveat is that you do NOT want to add those users to the workspace because that overrides RLS.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...

View solution in original post

Message 10 of 15
1,703 Views
0
Burningsuit
Resident Rockstar
Resident Rockstar

‎01-24-2022 07:27 AM

hi @Anonymous 

This is probabaly because of the access permission your users have in the Workspace. If they have Workspace access, either as Admin, Member or Contributor, they are not subject to RLS and will see ALL the data. Only Viewers are subject to RLS in the Workspace. This feeds through to Apps too. If they are Admin, Member or Contributor on the Workspace the App is built from they will see ALL the data in the App. Only Viewers, or users not given Workspace access are subject to RLS in the associated App.

Remove the users access to the Workspace and they will be subject to RLS in the App.

Hope this helps

Stuart

 

 

View solution in original post

Message 12 of 15
1,614 Views
0
14 REPLIES 14
Anonymous
Not applicable

‎02-04-2022 03:26 AM

HI Greg,

We have two tables Fact and User tables . Base on the Job id /Name we need to apply dynamic security roles and we don’t have email id column .  when apply relationship between these two tables on LCT_NBR column(common column) its getting many to many relationship . PF below sample data.

Can you please guide me how to avoid many to many  relationship and any DAX function available to apply roles ID columns?

c8916239_0-1643973944753.png

c8916239_1-1643973961337.png

 

Thanks,

Nath

Message 15 of 15
1,394 Views
0
v-yanjiang-msft
Community Support
Community Support

‎01-24-2022 07:30 PM

Hi @Anonymous ,

Both static and dynamic RLS are required to assign users to dataset security, this is an inevitable step.

For more detailed steps to apply dynamic RLS, refer to the this article: Dynamic Row Level Security with Power BI 

 

Best Regards,
Community Support Team _ kalyj

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 14 of 15
1,594 Views
0
Burningsuit
Resident Rockstar
Resident Rockstar

‎01-24-2022 07:27 AM

hi @Anonymous 

This is probabaly because of the access permission your users have in the Workspace. If they have Workspace access, either as Admin, Member or Contributor, they are not subject to RLS and will see ALL the data. Only Viewers are subject to RLS in the Workspace. This feeds through to Apps too. If they are Admin, Member or Contributor on the Workspace the App is built from they will see ALL the data in the App. Only Viewers, or users not given Workspace access are subject to RLS in the associated App.

Remove the users access to the Workspace and they will be subject to RLS in the App.

Hope this helps

Stuart

 

 

Message 12 of 15
1,615 Views
0
Anonymous
Not applicable
In response to Burningsuit

‎02-01-2022 10:18 PM

HI Team,

 

Basically every user  having Job ID so based on the JOB id user will see their own data in power bi app service.

I need to apply  dynamic row level security  on the  job id level which is highlighted in yellow color .kindly help which DAX function we can use to see their own data and normally if user name we can use UserPrincipalName function.

Below is the sample data .

 

 

 

c8916239_0-1643782631994.png

 

Thanks,

Raghu

Message 13 of 15
1,438 Views
0
Anonymous
Not applicable

‎01-20-2022 04:47 AM

Hi Greg. 

I am not able to understand  your response . can you please elaborate and if you have any Urls related to RLS please  add.

 

Thanks,

Raghu

Message 9 of 15
1,704 Views
0
Greg_Deckler
Super User
Super User
In response to Anonymous

‎01-20-2022 04:58 AM

@Anonymous 

(1) Dynamic Hierarchical Row Level Security - Microsoft Power BI Community

So, you generally have a table like the following:

Email

gdeckler@gmail.com

hank@gmail.com

 

etc.

You create a Role (RLS role) and the role has an expression like:

[Email] = USERPRINCIPALNAME

 

Meaning that users in this Role can only see their own row. This row is then linked (related) to the rest of your data in your other tables meaning that only related rows to this single row are visible to the person in the RLS role.

 

You publish the dataset. Then, in the Security for the dataset in the Service you add users to this Role. Now, when they view reports based on the dataset, they only see their own information. Now, the caveat is that you do NOT want to add those users to the workspace because that overrides RLS.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 10 of 15
1,704 Views
0
Anonymous
Not applicable
In response to Greg_Deckler

‎01-21-2022 04:52 AM

Hi Greg,

it means every user  should go to dataset and need to select secuirty  then only  user can only see his data(restricted data) by applying security at the dataset level.

Please confrim and provide more Links/inputs.

 

Thanks,

Raghu

Message 11 of 15
1,674 Views
0
Greg_Deckler
Super User
Super User

‎01-20-2022 03:17 AM

@Anonymous You have to add the user into an RLS role at the dataset. With Dynamic RLS that is generally a role that implements a filter on a security table like [Email] = USERPRINCIPALNAME()


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 2 of 15
1,719 Views
0
Anonymous
Not applicable
In response to Greg_Deckler

‎02-02-2022 11:10 PM

Hi Greg,

We have only  Job id and first name,last name only and we don’t have email . Based on the job id only we need to assign roles .if we look at below screebshot we have only job id.

Can you please confirm any DAX function available to apply roles on the Job id ?

c8916239_0-1643872206906.png

Thanks,

Raghu

Message 8 of 15
1,421 Views
0
Anonymous
Not applicable
In response to Greg_Deckler

‎01-24-2022 07:06 AM

HI All,

I have issues with applying  row level security  in power bi.

When i apply security role, at dataset level and applying test as role it is working fine and able to see my own data .

but when I run the report in power bi app without applying dataset level (test as role)  as default not able to see the  my own data.        

Please confirm each time we should go to dataset level and apply test as role required to see own data ?

 

 

 

thanks,

Raghu

Message 7 of 15
1,613 Views
0
Anonymous
Not applicable
In response to Greg_Deckler

‎01-23-2022 09:39 PM

Thanks Greg.

Can you please confrim the below ?

I have added the users in to RLS role still users not able to see they own data when user run the report as default but when user goes to dataset level with apply Security  then only user able to see the they own data .  we need when user run report first time the user want to see own data with out apply dataset security level manually each and every time . please confirm on the same.

 

 

Thanks,

Raghu

Message 3 of 15
1,635 Views
0
new2pbix
Frequent Visitor
In response to Anonymous

‎09-08-2022 01:07 PM

@Anonymous / @Greg_Deckler 
Did you ever get this figured out? I am trying to implement RLS but my problem is that every week a new report is generated and thus a new dataset is generated. Is there a way to get my 70 user list from the security settings of one dataset to the one generated the follow week for the next instance of the report?
And if not, is there a way to update my dataset on the Service with the refreshed data of the desktop application the following week, assuming i keep the same filename, without losing the security list and having to rebuild every week?

Message 4 of 15
1,042 Views
0
Greg_Deckler
Super User
Super User
In response to new2pbix

‎09-08-2022 01:46 PM

@new2pbix Right, you should keep the same file name for where your user list is coming from and just refresh it.


@ me in replies or I'll lose your thread!!!
Instead of a Kudo, please vote for this idea
Become an expert!: Enterprise DNA
External Tools: MSHGQM
YouTube Channel!: Microsoft Hates Greg
Latest book!: The Definitive Guide to Power Query (M)

DAX is easy, CALCULATE makes DAX hard...
Message 5 of 15
1,039 Views
0
new2pbix
Frequent Visitor
In response to Greg_Deckler

‎09-08-2022 01:48 PM

thanks.. yeah.. i think this is the only way to get RLS to work.

Message 6 of 15
1,037 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Kudoed Authors
View All