Power BI Row-Level Security (RLS)

In this blog post, I’m going to walk you through how to set up and manage Row-Level Security (RLS) in Power BI to control data access for different users.

Power BI makes it easy to share insights, but when different users need to see different data, RLS is essential. It helps ensure each user only sees the data they’re authorized to access — no more, no less.

We'll cover the basics of RLS, how to implement static and dynamic roles, and tips for testing and publishing securely. By the end of this post, you'll be ready to apply RLS with confidence in your own reports.

What is RLS ?

Row-Level Security (RLS) in Power BI is a data access control feature that restricts data visibility at the row level, based on the identity of the user viewing the report. It allows you to build one report and securely serve different views of the same data to different users — without needing to duplicate reports or datasets.

For example, in a sales dashboard, you might want regional managers to only see data for their own region, while the head of sales can view all regions. RLS lets you enforce this directly within Power BI.

RLS is defined using roles and DAX filters that are applied to tables. When a user accesses a report, Power BI checks which roles they belong to and applies the corresponding filters to restrict the data they see.

There are two main ways to implement RLS in Power BI: Static and Dynamic. Here's a breakdown of how they differ: 

Static Row Level Security

Definition: Roles are manually defined with fixed DAX filters for each user group.

Setup: You create roles in Power BI Desktop and write DAX filters like [Country] = "Sri Lanka" for a “West Region” role.

Now I am going to guide you through the steps to implement Static RLS in PowerBI Desktop. I created a very simple Dashboard for this. First you need to open Mange roles from Modelling Tab. Refer the below image.

To get started, we’ll create a new role that restricts data access to users associated with Sri Lanka. Based on the dataset structure shown in the image below, we’ll define a role using a simple DAX filter on the Country column.

This role will ensure that users assigned to it can only see data where the country is Sri Lanka.

Now, navigate to the “View as” option in Power BI Desktop and select the Country – Sri Lanka role from the list. You’ll notice that the report now displays only the data related to Sri Lanka, exactly as intended by the Row-Level Security filter. Refer the below images. 

Dynamic Row Level Security

Definition: Roles are defined using a user mapping table, and DAX functions like USERNAME() dynamically filter data based on the logged-in user's domain and user name.

Alright, Let's implement Dynamic RLS. Go to manage roles again and create a new role. Now you can switch to DAX editor and type this code. Refer the below images. 

Now let's check this like this using view as option. You will see data is filtered by the given Manager name. 

By now, you’ve learned how to set up both static and dynamic Row-Level Security in Power BI Desktop. However, the process isn’t complete just yet , after configuring RLS locally, the next step is to publish your report to the Power BI Service.

Once published, you’ll need to assign users to the appropriate roles you’ve created. This step ensures that RLS takes effect when users access the report online. Please refer the official  PBI  docummentation here to setup.

RLS in Power BI is especially valuable for sensitive reports , such as sales bonus reports. In scenarios like these, it’s critical to ensure that each manager can view only their own data, such as their team's sales performance and corresponding bonus details.

With RLS in place, you can enforce strict data access rules, allowing managers to see only the information relevant to them, without exposing other regions' or teams' data. This not only protects sensitive information but also improves trust and professionalism in how data is shared across the organization.

Implementing RLS in such use cases ensures data privacy, minimizes the risk of accidental exposure, and supports compliance with internal and external data governance policies.

Now we've come to the end of this blog post. I hope this post gave you a clear overview of how to set up RLS in Power BI Desktop. Feel free to DM me if you have questions, and stay tuned for more Power BI tips! Happy Learning!