Love this approach! :) I was showing someone Dynamic RLS the other day and commented to them, a downside is that you have to manage who's in the manager group in security settings. This approach allows me to hand the job back to the data owner.
Nice video and explanation. Suppose we had a table with information that was not connected via relationships in this case not connected to sales rep, like a disconnected table. In such a case RLS will not apply and we have to address it separately?
Yes, correct RLS flows through the relationship and in the direction of the relationship. in the case of disconnected tables, you have to apply RLS filters on other tables too in the same role setup.
Thanks for the video. When no username is found, to avoid showing all the information or modifying the code, isn't it a solution in the LOOKUPVALUE function to set the to 0 ?
This is totally crazy. Microsoft needs to get stuff straight. Its multiple laters of overlapping security for no reason to require access to the report then again add access to the role. I set this up and was shocked to see that even with report access, you cant see anything because the role was not ALSO granted access.
Love this approach! :)
I was showing someone Dynamic RLS the other day and commented to them, a downside is that you have to manage who's in the manager group in security settings.
This approach allows me to hand the job back to the data owner.
Thanks. DRLS when implemented correctly would mean the job of maintaining it will be on the data owner side.
Nice video and explanation.
Suppose we had a table with information that was not connected via relationships in this case not connected to sales rep, like a disconnected table. In such a case RLS will not apply and we have to address it separately?
Yes, correct
RLS flows through the relationship and in the direction of the relationship. in the case of disconnected tables, you have to apply RLS filters on other tables too in the same role setup.
Need a video on role hierarchy data security
search for path , path contains nd other path fuctions
Thanks for the video.
When no username is found, to avoid showing all the information or modifying the code, isn't it a solution in the LOOKUPVALUE function to set the to 0 ?
that method can be used too. as long as it returns true/false in any way it should resolve correctly there
Thank you 😊
you're welcome
This is totally crazy. Microsoft needs to get stuff straight. Its multiple laters of overlapping security for no reason to require access to the report then again add access to the role. I set this up and was shocked to see that even with report access, you cant see anything because the role was not ALSO granted access.
Very nice ❤
Thanks 🤗