Avoiding pitfalls with row-level security
RLS is a core feature of Power BI. It is the mechanism that’s used to prevent users from seeing certain data. It works by limiting the rows that a user can access in tables by applying DAX filter expressions.
There are two approaches to configuring RLS. The simplest configuration involves creating a role and then adding members, which can be individual users or security groups. Then, DAX table filter expressions are added to the role to limit which rows members can see. A more advanced approach (sometimes referred to as dynamic RLS) is where you can create security tables that contain user and permission information. The latter is commonly used when permissions can change often, and it allows the security tables to be maintained automatically, without the Power BI model needing to be changed.
Performance issues can arise when applying filters becomes relatively expensive compared to the same query with no RLS involved. This can...
