https://community.fabric.microsoft.com/t5/Developer/Row-Level-Security-with-Power-BI-Embedded-and-Azure-Analysis/m-p/261547#M8057 <BLOCKQUOTE><HR />@Anonymous wrote:<BR /> <P>We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.</P> <P>&nbsp;</P> <P>One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.</P> <P>&nbsp;</P> <P><STRONG>Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop.</STRONG> However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, <STRONG>then not add any members to these roles and instead pass in the Role and Username at the embed token creation point</STRONG> and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?</P> <P>&nbsp;</P> <P>Please let me know if that doesn't make sense and I'll try a different way of explaining it!</P> <P>&nbsp;</P> <P>Thanks!</P> <HR /></BLOCKQUOTE> <P>@Anonymous</P> <P>In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario&nbsp;<A href="https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-embedding/#embedding-with-non-power-bi-users-app-owns-data" target="_self">Embedding with non-Power BI users (app owns data)</A>, you can pass roles and usersname at embed token creation. See&nbsp;<A href="https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-embedded-rls/" target="_self">Row-level security (RLS) with embedded analytics</A></P> Fri, 29 Sep 2017 09:43:20 GMT Eric_Zhang 2017-09-29T09:43:20Z https://community.fabric.microsoft.com/t5/Developer/Row-Level-Security-with-Power-BI-Embedded-and-Azure-Analysis/m-p/260765#M8038 <P>We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.</P><P>&nbsp;</P><P>One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.</P><P>&nbsp;</P><P>Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?</P><P>&nbsp;</P><P>Please let me know if that doesn't make sense and I'll try a different way of explaining it!</P><P>&nbsp;</P><P>Thanks!</P> Thu, 28 Sep 2017 09:28:40 GMT https://community.fabric.microsoft.com/t5/Developer/Row-Level-Security-with-Power-BI-Embedded-and-Azure-Analysis/m-p/260765#M8038 Anonymous 2017-09-28T09:28:40Z https://community.fabric.microsoft.com/t5/Developer/Row-Level-Security-with-Power-BI-Embedded-and-Azure-Analysis/m-p/261547#M8057 <BLOCKQUOTE><HR />@Anonymous wrote:<BR /> <P>We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.</P> <P>&nbsp;</P> <P>One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.</P> <P>&nbsp;</P> <P><STRONG>Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop.</STRONG> However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, <STRONG>then not add any members to these roles and instead pass in the Role and Username at the embed token creation point</STRONG> and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?</P> <P>&nbsp;</P> <P>Please let me know if that doesn't make sense and I'll try a different way of explaining it!</P> <P>&nbsp;</P> <P>Thanks!</P> <HR /></BLOCKQUOTE> <P>@Anonymous</P> <P>In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario&nbsp;<A href="https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-embedding/#embedding-with-non-power-bi-users-app-owns-data" target="_self">Embedding with non-Power BI users (app owns data)</A>, you can pass roles and usersname at embed token creation. See&nbsp;<A href="https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-embedded-rls/" target="_self">Row-level security (RLS) with embedded analytics</A></P> Fri, 29 Sep 2017 09:43:20 GMT https://community.fabric.microsoft.com/t5/Developer/Row-Level-Security-with-Power-BI-Embedded-and-Azure-Analysis/m-p/261547#M8057 Eric_Zhang 2017-09-29T09:43:20Z