Hi experts,
I have set up a report that uses Row Level Security and roles that filter on the user's login using the USERPRINCIPALNAME() function. In Power BI Desktop it is functioning as expected and I can test as various users under the one role I have set up so far and I've had no issues.
When I published to the Service and setup the security and added users to the roles it didn't seem to work and then after some searching I found out that RLS works only works on View Only roles, so I changed that and still got weird behaviour. No filtering occurred at all when I viewed as a user and my "Logged in as: person@domain.com" measure I created wasn't changing from my login.
I then discovered by way of trying a few different users, that only specific users weren't working and that some did work exactly as I would expect. All of the non-working ones had legacy logins in the form of "firstname@domain.com", while the majority of the users had e-mails/logins in the form of firstinitiallastname@domain.com.
I spoke to IT and they confirmed that these are legacy users who originally had just firstname e-mails and they're now aliased to the first intial/last name addresses.
I was able to adjust my query to pull those users into my Employee table in the legacy format. When I try testing as them in the Service, the auofill picks them up in the same format, but the filtering doesn't work.
I have tried using their proper e-mail format as well, but in the service you cannot select that format for testing (or for adding to security roles, etc.)
I am meeting with the IT group today to look into their accounts (as I don't have access) but I'm wondering if anyone else has come across this issue. I know they will not want to start changing these accounts (there's probably 25 or so), so I need to find a way to make them work.
Thanks in advance!
Kevin Coles