Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now

Reply
Anonymous
Not applicable

Integrate PowerBI Embedded report and Paginated report with RLS

Hi,

 

I would like to integrate my PowerBI Embedded report with the paginated report. My reports are developed for external customers coming from other companies and we are embedding our PowerBI reports into our product with iframe etc. We have already setup Role Level Security (RLS) for our PowerBI reports which is working well for our customers.

With the paginated report, we would like to link it to our existing PowerBI report. Have gone through some online documentation about integrating PowerBI report and paginated report. I've also tested on my own which was working:

http://www.cittabase.com/integrating-power-bi-report-with-paginated-report/

 

However, the problem is that I am not sure how to get the RLS setup properly in the paginated report. My ultimate goal is to create a link in the PowerBI report that allows user to click on it and redirect to the paginated report page. In other words, the RLS parameters should be passed from the PowerBI report to the Paginated report so that the user can see the relevant data under their user account.

 

The configuration in the above link is working for reports without any RLS concerns, but I am not sure how to setup for the RLS even after reading the below documentation:

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security

 

Anyone can guide me how to do this? Thanks.

 

Best regards,

Emily

 

 

 

1 ACCEPTED SOLUTION

Yeah in App-Owns-Data scenarios, we're a bit more limited. That said depending on your specific sceanrio, you can also look at the embed-token user filters. The application would need to specificy the user name on the token, then do filtering in the report (this is a secure method). Just look under the "passing the configured parameter using the embed token" at: 

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security 

 

Otherwise, at a later date we are looking at using identify blobs, where a token can be used to do real "Single Sign On" auth to the data source. 

 

Hope that helps!

View solution in original post

7 REPLIES 7
Anonymous
Not applicable

    This limit is still present at this day. Although i would like to share a solution:

When user sends embedurl request to your application, your application can generate an app "session token" (saved to db with related context , userid, ...). User can then request power bi paginated report with this "session token" by url parameter.

The report can then resolve it's user_id parameter value by retrieving it from db using this session token.

Although not straightforward solution, it's secure and only way found in a app owned embedding where RLS is not applicable.

 

Hope this helps someone.

amitchandak
Super User
Super User

@Anonymous , RLS with embedded

https://www.youtube.com/watch?v=yNF-_l2f7w0&feature=youtu.be

Paginated embedded

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security

Join us as experts from around the world come together to shape the future of data and AI!
At the Microsoft Analytics Community Conference, global leaders and influential voices are stepping up to share their knowledge and help you master the latest in Microsoft Fabric, Copilot, and Purview.
️ November 12th-14th, 2024
 Online Event
Register Here
Anonymous
Not applicable

@amitchandak 

As mentioned earlier, we are already implementing PowerBI Embedded with RLS as of today.

In addition, I have already read the Paginated Embedded documentation earlier and I found it's difficult to understand the configuration especially how to link PowerBI Report and Paginated report together in consideration of passing the UserId from one to another.

 

Hi Emily - one thing to check, is what style of embedding you are doing. If you are using user owned vs app owned data for the pagainted report. Note that only in user-owns-data sceanrios will the user's context be passed through, and the documented RLS "trick" of filtering on user id in the pagainted report work. https://community.powerbi.com/t5/Developer/App-vs-User-Owns-Data/td-p/300729. Support for app-owned-data scenarios in this case are not yet supported. 

 

One thing you might do (depeding if this is a security filter or not), you could pass the filter context on the pagainted report URL and bind it to a report parameter. Like shown here https://docs.microsoft.com/en-us/power-bi/paginated-reports/report-builder-url-parameters. Just note that anyone could manually change the value, so don't use it for securing data between users. 

 

 

 

Anonymous
Not applicable

@Jon-Heide Thank you for your reply and well noted your point.

We are using App Own Data for our PowerBI Embedded (external customers), so I think right now there is no way to pass the RLS parameters from PowerBI Report to Paginated Report in a secure way by configuring the URL itself.

I think this is a limitation of PowerBI itself and I hope there will be a solution by Microsoft in the future.

Thanks again for your help!

 

 

Anonymous
Not applicable

    This limit is still present at this day. Although i would like to share a solution:

When user sends embedurl request to your application, your application can generate an app "session token" (saved to db with related context , userid, ...). User can then request power bi paginated report with this "session token" by url parameter.

The report can then resolve it's user_id parameter value by retrieving it from db using this session token.

Although not straightforward solution, it's secure and only way found in a app owned embedding where RLS is not applicable.

 

Hope this helps someone.

Yeah in App-Owns-Data scenarios, we're a bit more limited. That said depending on your specific sceanrio, you can also look at the embed-token user filters. The application would need to specificy the user name on the token, then do filtering in the report (this is a secure method). Just look under the "passing the configured parameter using the embed token" at: 

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security 

 

Otherwise, at a later date we are looking at using identify blobs, where a token can be used to do real "Single Sign On" auth to the data source. 

 

Hope that helps!

Helpful resources

Announcements
OCT PBI Update Carousel

Power BI Monthly Update - October 2024

Check out the October 2024 Power BI update to learn about new features.

September Hackathon Carousel

Microsoft Fabric & AI Learning Hackathon

Learn from experts, get hands-on experience, and win awesome prizes.

October NL Carousel

Fabric Community Update - October 2024

Find out what's new and trending in the Fabric Community.