Dear Power BI experts,
I'm running into an issue where I can't get my head around, completely stuck on this.
In my simplified model, there's a 'fact_sales' which is linked many-to-one with 'dim_department' and 'dim_product'. I also have two tables for dynamic RLS linked many-to-many with my dim tables, being 'rls_department' and 'rls_product'. Both those connections are bi-directional with security filters applied in both directions.
The input for my rls tables is an Excel sheet composed as follows:
| Department | Product | UPN |
| Department A | Product A | UPN A |
| Department B | Product A | UPN B |
| Department C | Product C | UPN C |
| | Product B | UPN A |
| | Product C | UPN A |
This is split into my two rls tables in Power BI desktop:
rls_department
| Department | UPN |
| Department A | UPN A |
| Department B | UPN B |
| Department C | UPN C |
rls_product
| Product | UPN |
| Product A | UPN A |
| Product A | UPN B |
| Product C | UPN C |
| Product B | UPN A |
| Product C | UPN A |
I have defined one RLS role with the rules:
1. rls_department[UPN] = userprincipalname()
2. rls_product[UPN] = userprincipalname()
There are two possible scenarios in my security model
1. UPN B and C: User is allocated to both a department and a product > RLS is working
2. UPN A: User is allocated to both a specific department and a product but also to another product. This user can see the following: department A from product C but all departments from product B and C. In this case my RLS is not working because it's too restrictive, it will filter department A and product A, B and C. Therefore, UPN A can't see the other departments of product B and C.
The goal is to setup dynamic RLS which is reflecting the business logic from the input Excel sheet.
I hope this clarifies my issue. If not, please let me know and I'll further explain.
Many thanks in advance for your time and help!
Ruben.
