A single Power BI report, yet each salesperson sees only their sales and each manager only their region. It is not magic nor copies of the file — it is Row-Level Security (RLS), the mechanism that filters data by user within the same report.
The problem it solves
Without RLS, sharing a report means showing everything to everyone — or hand-maintaining dozens of filtered versions, one per team or region. It is insecure, laborious and goes stale. RLS solves this in a single report that adapts to whoever opens it.

How it works, in two pieces
- Roles: you define a role with a filter rule written in DAX, for example
[Region] = "North". - User assignment: you map people to roles; on opening the report, each one sees only the rows their rule allows.
Static vs dynamic
In static RLS, you create one role per group (North, South, Central) — simple, but it scales poorly with many divisions. In dynamic RLS, you use the USERPRINCIPALNAME() function to filter by the authenticated user's email, joining a table that links each user to their data. A single role serves the whole organization.
Precautions that avoid surprises
Always test with "View as role" before publishing; confirm that the model's relationships propagate the filter in the right direction; and remember that anyone with admin permission on the workspace can bypass RLS. Data security starts in the model, not just the report.
In practice
If you already maintain several copies of the same report just to show different data to different people, RLS will save you that work and reduce risk. One report, many audiences, each seeing only what they should. How many manual versions could you eliminate with RLS?