https://community.fabric.microsoft.com/t5/Developer/How-to-achieve-Row-Level-Security-using-PowerBi-JS-API/m-p/1116498#M23839 <P>I have Power BI Embedded App-Owns data scenario where I have a report configured for Row Level Security, and the report shows different data based on the some of filter parameters I passed from client side.&nbsp;</P><P>&nbsp;</P><P>When client requests report (request generated from client facing website), server side code generates Embed token (this would be server-to-server call =&gt; from my server to PowerBi Service, no data from client space passed to PowerBi Service). I am using PowerBi API to generate Embed token for certain ReportID and DataSet and authentication is taken care correctly.&nbsp; Now this Embed token is passed to client space and there I am using EmbedConfig to embed report. Something like below:&nbsp;</P><PRE>const filter = { $schema: "http://powerbi.com/product/schema#basic", target: { table: "table name", column: "Organization" }, operator: "In", values: ["SomefilterValue"] }; var config = { type: 'report', tokenType: models.TokenType.Embed, accessToken: accessToken, embedUrl: embedUrl, id: embedReportId, permissions: models.Permissions.Read, settings: { filterPaneEnabled: true, navContentPaneEnabled: false } };</PRE><P>&nbsp;</P><P>However, my major concern is in client-side JavaScript scenario.&nbsp; If I am a bad actor, I can just use Chrome developer tools (or Fiddler, or whatever) to get Embed Token. Once I have that embed token, I can use PowerBi Embed Playground and pass various filter parameters. I am really stuck at this point, I think, I am missing something.&nbsp;&nbsp;</P><P>I implmented everything according to :&nbsp;<A href="https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers</A></P><P>&nbsp;</P> Sun, 24 May 2020 12:39:33 GMT tupadhyay 2020-05-24T12:39:33Z https://community.fabric.microsoft.com/t5/Developer/How-to-achieve-Row-Level-Security-using-PowerBi-JS-API/m-p/1116498#M23839 <P>I have Power BI Embedded App-Owns data scenario where I have a report configured for Row Level Security, and the report shows different data based on the some of filter parameters I passed from client side.&nbsp;</P><P>&nbsp;</P><P>When client requests report (request generated from client facing website), server side code generates Embed token (this would be server-to-server call =&gt; from my server to PowerBi Service, no data from client space passed to PowerBi Service). I am using PowerBi API to generate Embed token for certain ReportID and DataSet and authentication is taken care correctly.&nbsp; Now this Embed token is passed to client space and there I am using EmbedConfig to embed report. Something like below:&nbsp;</P><PRE>const filter = { $schema: "http://powerbi.com/product/schema#basic", target: { table: "table name", column: "Organization" }, operator: "In", values: ["SomefilterValue"] }; var config = { type: 'report', tokenType: models.TokenType.Embed, accessToken: accessToken, embedUrl: embedUrl, id: embedReportId, permissions: models.Permissions.Read, settings: { filterPaneEnabled: true, navContentPaneEnabled: false } };</PRE><P>&nbsp;</P><P>However, my major concern is in client-side JavaScript scenario.&nbsp; If I am a bad actor, I can just use Chrome developer tools (or Fiddler, or whatever) to get Embed Token. Once I have that embed token, I can use PowerBi Embed Playground and pass various filter parameters. I am really stuck at this point, I think, I am missing something.&nbsp;&nbsp;</P><P>I implmented everything according to :&nbsp;<A href="https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers</A></P><P>&nbsp;</P> Sun, 24 May 2020 12:39:33 GMT https://community.fabric.microsoft.com/t5/Developer/How-to-achieve-Row-Level-Security-using-PowerBi-JS-API/m-p/1116498#M23839 tupadhyay 2020-05-24T12:39:33Z