Dynamic Row-Level Security for Manager Level in Power BI? | RLS In Power BI Ep4 | BI Consulting Pro

If you are adding employees / manager email id into the power bi server then how it can be dynamic RLS. If manager changes for any account then again we have to add their email id to the server. This need to do every time if employee or manager changed.

Hi, I am encountering the following issue. Please help me out.

An error was encountered during the evaluation of the row level security expression defined on table 'User Roles'. Error message: DAX comparison operations do not support comparing values of type Text with values of type Integer. Considering the VALUE or FORMAT function to convert one of the values.

I have done eveything according to your video
My isManager is also whole number

Best video for RLS 👍

In addition to above i want to restrict managers to see own department data only

Great video, thank you!!

Is there a way to implement this for multi level rls? meaning some managers can only see certain employees, and then have a director level over everything.

Hi, thanks for the brilliant tutorial about the RLS. It's worked for me, but I have an issue, if i add an email ID which is not existing my security table and it start showing all the values in view as roles. How can we achieve this problem. It should not show anything if we add any external email ID, which is not exist in the table.

How can I achieve for my scenario that I have two pages, one overview and two employee progress? I'd like to use my AD as a log in and when a user logs in, Manager and above can see both pages, but employees can only see their page, which is number two. I looked into page level security but involves creating extra slicer and navigation is there way to avoid it and just use RLS? I am just confused about Employee page as i want to make them to land to their report page only.

How is this different from the basic RLS. It again depends on the access type the user has for the workspace . If I have admin access to the workspace and mark myself as not an admin in the example you gave. Will the RLS still apply to me ?

Syntax not working

Dear Sir ... very useful, Awesome series..

Hi , I have a question please. I noticed for dynamic RLS you had to go the Security of the DataSet and add user under Members! I thought the point of dynamic RLS is that you dont have to do that if the users have viewer access , no? Otherwise if I have too many viewers then I have to add all of them to the dataset security?

I am importing insurance data (view - having global data ) from Amazon redshift through ODBC connection. I want to apply RLS based on country and contract signed date ( for each country, contract signed date is different.)
Report is published in workspace (new workspace type with premium licence applied)

Requirement is to create role for each country and create one role as a global where we will see the data for all country after particular date(date column is available in view)

I want to assign 2 roles to single user.
For ex. XYZ person want to see global data as well as Australia's data.
Can you tell me what will be the output for this?

Is it possible to apply Row Level Security in above scenario ?

Please let me know awaiting for your reply.

For all of the users you shared, have you given only " Viewer" access? Nobody is an admin or contributor ?

Can we implement RLS on Direct Query method ??

How MAXX really helps? Can we write the DAX function without MAXX? Pls guide!

I am having Manager email and Sales person email where I want manager should see his own data + his sales person data where sales person can see only his own data... how can I achieve that through this
For this I have used 2rls for manager and sales person

I have a similar problem: I have sales and sales manager, security is through an AD group which contains all sales and sales manager e-mails. currently i use 2 rls, but i don't think it will work with 1 ad group. how do i create a similar rule to yours to switch to the right group. so its like yours except your 0,1 is managers e-mails. manager see their sales peoples accounts, sales should see only their own accounts.