This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 46%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
I have a fact table, with no security; all employees should see all the rows... But, but, just on one specific page in my report, I want the employees to see only their own data.
So I decided to have a model with the next tables:
Fact <- Employee <- BridgeEmployeeRole
My goal was to add RLS in BridgeEmployeeRole , having a filter Username = USERNAME() ( I thought that as long as BridgeEmployeeRole wasn't used in the report the filter wouldn't be triggered).
But I quickly realized that I was wrong, the filter cascaded to the Fact and messed up all my other pages.
BridgeEmployeeRole is just a copy of Employee with fewer columns. This is the relationship:
The RLS worked, but it filtered all the way to the fact, so I couldnt achieve my result.
Then... I was just playing around and I made it like this:
and this, somehow, achieved my desired result!!!!! (That is, the RLS doesnt work unless you add this filter):
(so I added the filter in the page I want to limit the view, and it works with unrestricted rows in other pages).
So, basically, It works but I dont know why... Why is that changing cardinality makes the RLS only work if the table is selected as filter in the pane...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @ovonemty
First of all, I want to congratulate you on achieving the results you want.
Row-Level Security enables you to use group membership or execution context to control access to rows in a database table.
For your question, I guess that when the cardinality is 1:1, the system can automatically filter out the BridgeEmployeeRole corresponding to Employee Current. When the cardinality is modified to 1 to many, due to the existence of IsEmployee in the BridgeEmployeeRole table, I guess that there are employees and non-employees in the BridgeEmployeeRole table, and the employees are displayed as 1. At this time, the system cannot automatically identify which BridgeEmployeeRole is an employee and which is a non-employee corresponding to Employee Current, so it is necessary to manually filter out the employees in the BridgeEmployeeRole table.
Best regards,
Percy Tang
----------
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 95%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
The 1:* cardinality unlocked the RLS checkbox for the relationship, and you have it unchecked, so RLS-based filtering is not automatically propagated to the one side. It still applies to the M side, limiting the rows, and when you add a regular filter, you are getting the combined (RLS+regular) effect from the M side table in your output.
Looking at your original requirements, see whether you can achieve them without RLS and the other table altogether, by simply filtering Employee on that particular page.