Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
Anonymous
Not applicable

Integrate PowerBI Embedded report and Paginated report with RLS

‎04-16-2021 04:45 AM

Hi,

 

I would like to integrate my PowerBI Embedded report with the paginated report. My reports are developed for external customers coming from other companies and we are embedding our PowerBI reports into our product with iframe etc. We have already setup Role Level Security (RLS) for our PowerBI reports which is working well for our customers.

With the paginated report, we would like to link it to our existing PowerBI report. Have gone through some online documentation about integrating PowerBI report and paginated report. I've also tested on my own which was working:

http://www.cittabase.com/integrating-power-bi-report-with-paginated-report/

 

However, the problem is that I am not sure how to get the RLS setup properly in the paginated report. My ultimate goal is to create a link in the PowerBI report that allows user to click on it and redirect to the paginated report page. In other words, the RLS parameters should be passed from the PowerBI report to the Paginated report so that the user can see the relevant data under their user account.

 

The configuration in the above link is working for reports without any RLS concerns, but I am not sure how to setup for the RLS even after reading the below documentation:

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security

 

Anyone can guide me how to do this? Thanks.

 

Best regards,

Emily

 

 

 

Labels:
Message 1 of 8
3,004 Views
0
1 ACCEPTED SOLUTION
Jon-Heide
Microsoft Employee
Microsoft Employee
In response to Anonymous

‎04-19-2021 12:10 PM

Yeah in App-Owns-Data scenarios, we're a bit more limited. That said depending on your specific sceanrio, you can also look at the embed-token user filters. The application would need to specificy the user name on the token, then do filtering in the report (this is a secure method). Just look under the "passing the configured parameter using the embed token" at: 

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security 

 

Otherwise, at a later date we are looking at using identify blobs, where a token can be used to do real "Single Sign On" auth to the data source. 

 

Hope that helps!

View solution in original post

Message 6 of 8
2,877 Views
7 REPLIES 7
Anonymous
Not applicable

‎02-22-2022 07:26 AM

    This limit is still present at this day. Although i would like to share a solution:

When user sends embedurl request to your application, your application can generate an app "session token" (saved to db with related context , userid, ...). User can then request power bi paginated report with this "session token" by url parameter.

The report can then resolve it's user_id parameter value by retrieving it from db using this session token.

Although not straightforward solution, it's secure and only way found in a app owned embedding where RLS is not applicable.

 

Hope this helps someone.

Message 8 of 8
2,620 Views
0
amitchandak
Super User
Super User

‎04-16-2021 06:06 AM

@Anonymous , RLS with embedded

https://www.youtube.com/watch?v=yNF-_l2f7w0&feature=youtu.be

Paginated embedded

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security

Join us as experts from around the world come together to shape the future of data and AI!
At the Microsoft Analytics Community Conference, global leaders and influential voices are stepping up to share their knowledge and help you master the latest in Microsoft Fabric, Copilot, and Purview.
️ November 12th-14th, 2024
 Online Event
Register Here
Message 2 of 8
2,964 Views
0
Anonymous
Not applicable
In response to amitchandak

‎04-16-2021 11:48 AM

@amitchandak 

As mentioned earlier, we are already implementing PowerBI Embedded with RLS as of today.

In addition, I have already read the Paginated Embedded documentation earlier and I found it's difficult to understand the configuration especially how to link PowerBI Report and Paginated report together in consideration of passing the UserId from one to another.

 

Message 3 of 8
2,949 Views
0
Jon-Heide
Microsoft Employee
Microsoft Employee
In response to Anonymous

‎04-16-2021 04:57 PM

Hi Emily - one thing to check, is what style of embedding you are doing. If you are using user owned vs app owned data for the pagainted report. Note that only in user-owns-data sceanrios will the user's context be passed through, and the documented RLS "trick" of filtering on user id in the pagainted report work. https://community.powerbi.com/t5/Developer/App-vs-User-Owns-Data/td-p/300729. Support for app-owned-data scenarios in this case are not yet supported. 

 

One thing you might do (depeding if this is a security filter or not), you could pass the filter context on the pagainted report URL and bind it to a report parameter. Like shown here https://docs.microsoft.com/en-us/power-bi/paginated-reports/report-builder-url-parameters. Just note that anyone could manually change the value, so don't use it for securing data between users. 

 

 

 

Message 4 of 8
2,930 Views
Anonymous
Not applicable
In response to Jon-Heide

‎04-16-2021 11:17 PM

@Jon-Heide Thank you for your reply and well noted your point.

We are using App Own Data for our PowerBI Embedded (external customers), so I think right now there is no way to pass the RLS parameters from PowerBI Report to Paginated Report in a secure way by configuring the URL itself.

I think this is a limitation of PowerBI itself and I hope there will be a solution by Microsoft in the future.

Thanks again for your help!

 

 

Message 5 of 8
2,916 Views
0
Anonymous
Not applicable
In response to Anonymous

‎02-22-2022 06:51 AM

    This limit is still present at this day. Although i would like to share a solution:

When user sends embedurl request to your application, your application can generate an app "session token" (saved to db with related context , userid, ...). User can then request power bi paginated report with this "session token" by url parameter.

The report can then resolve it's user_id parameter value by retrieving it from db using this session token.

Although not straightforward solution, it's secure and only way found in a app owned embedding where RLS is not applicable.

 

Hope this helps someone.

Message 7 of 8
2,622 Views
0
Jon-Heide
Microsoft Employee
Microsoft Employee
In response to Anonymous

‎04-19-2021 12:10 PM

Yeah in App-Owns-Data scenarios, we're a bit more limited. That said depending on your specific sceanrio, you can also look at the embed-token user filters. The application would need to specificy the user name on the token, then do filtering in the report (this is a secure method). Just look under the "passing the configured parameter using the embed token" at: 

https://docs.microsoft.com/en-us/power-bi/developer/embedded/paginated-reports-row-level-security 

 

Otherwise, at a later date we are looking at using identify blobs, where a token can be used to do real "Single Sign On" auth to the data source. 

 

Hope that helps!

Message 6 of 8
2,878 Views

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All