✨User Context - RLS Experience
To restrict the nodes visibility as per the user accessing the report
Last updated
Was this helpful?
To restrict the nodes visibility as per the user accessing the report
Last updated
Was this helpful?
This concept involves communicating to the visual which node you want to automatically set as the top root node (reference: ✨Viewing Subtrees) based on the logged-in user's context. It is like providing the filtering criteria to find that node. It involves:
A column on which you would like to filter - to be mapped in the "Filter Column" (E.g.: Email)
A DAX measure with the value to apply the filter - to be mapped in the "Logged-in User Detail" - this measure must be configured as per the use case. It should return the corresponding value of the logged-in user record. (E.g.: Email ID of the logged-in user)
This means that the logged-in user must see only his/her node and their team (directly/indirectly) reporting to them:
Create a measure, using the USERPRINCIPALNAME to identify the email ID of the logged-in user:
In the visual:
Add the measure (created in step #1) in the Fields section:
Go to “Map Fields” and map the data in the “User Context” section:
Logged-in User Detail – Populate the DAX measure created in step #1
Filter Column – The column in the data, on which the logged-in user detail value must be matched to identify the record of the Lead/Manager who has logged in.
For example – If Alex is a manager who is viewing the report with his email alex@test.com, then the DAX measure will return the value “alex@test.com”. Now, in the Organization data, the visual needs to identify the record of Alex, only then its team can be plotted in the visual. So, we provide the “Email” column in the “Filter Column” field.
Open the “Display” section from the top pane – Click on Navigation – where we get the option of “User Context Behaviour” - Click on “Restricted Access”
With this implementation, the logged-in user will be able to see only their own record and their subtree.
The result will be best visible in the Read view of the report on Power BI online service
Instead of providing the logged-in user email ID and the Email ID column for lookup, any other attribute can also be used to provide context of the node to be set as teh root node. Another Example Use Case: The logged-in user must see their manager's entire team. This means that the logged-in user's Manager's node must be set as the root node by the visual. - Then get the logged-in user's Manager Name/Email in the DAX measure. - And provide the Employee Name/Email column for the "Filter column" to lookup the value. This way the visual will find the node where the Employee Name/Email (column) = DAX value (Logged-in user's Manager Name/Email) i.e. the manager node of the logged-in user and set it as the root node.