Solved: Re: Power Bi embedded

Syndicate_Admin · ‎10-15-2025

Hello everyone, I hope you have a happy day,

I have this problem, I don't know if I have any alternative.

In the company we have pro licenses for 2 users who are the ones who publish the reports (private) but the users have already uploaded and there is no capacity to pay for all the licenses, you want to contract a power bi embedded license and make the entire organization or a specific staff see the reports to which they have permission, we didn't want to expose the URL in an iframe because it goes beyond the security of the company, the question is with power bi embedded this could be handled, since we saw that everything changed with power bi premium. That it is desired that a user to view the report has to enter the application that is created or if bi embedded can already be handled as a portal system where roles and permissions are managed and if it is not the case we develop the application, but that in this sense the user has to log in to the developed application to see the report, and apart from the report that you see has to have the administrator's permissions so that that user can see it, and if you enter to see the code of the application and get the link that can ask for user credentials to see it, I don't know if this can be done, I am attentive to any recommendation since we do not want the URL to be exposed.

Thank you very much and greetings to all.

v-sshirivolu · ‎10-21-2025

Hi @Syndicate_Admin ,

Thanks for your follow up, your questions are completely understandable. With Power BI Embedded, you don’t need to assign access to each user directly in Power BI ....instead, your application handles all access. Users log in through your portal using Azure AD authentication, and the portal generates temporary embed tokens for the reports each user is allowed to see. You can also apply row level security (RLS) so users only see the data they are permitted to access. To be very clear, Power BI Embedded itself does not provide a built-in portal for managing permissions, all access control is handled securely within your application through these embed tokens. This approach gives you full flexibility and security without needing a separate portal inside Power BI. Your two Pro users continue to create and publish reports in a workspace enabled for Embedded or Premium capacity, and the application uses the Power BI API to embed those reports for end users. Users never log in directly to the Power BI Service, they only view the reports through the portal. Embed tokens are temporary and time limited, so even if someone copies an iframe, it won’t work after expiration, and tokens can be revoked or rotated if needed. Unlike public iframes, embedded reports remain private, preventing former employees from accessing them. In short, this approach centralizes permissions in your application, keeps URLs and iframes secure, allows RLS, and scales report access across the organization without requiring every user to have a Pro license, ensuring fully secure and controlled report viewing.

Regards,
Sreeteja

View solution in original post

v-sshirivolu · ‎10-16-2025

Hi @Syndicate_Admin ,
Thanks for reaching out to Community Forum.

You can definitely use Power BI Embedded to meet your requirement without exposing the report URL or needing every user to have a Pro license. The common way to handle this is by creating a secure application or portal where your users log in. From there, the application generates embed tokens for the reports based on each user’s role and permissions. These tokens are temporary and secure, so even if someone inspects the code, they won’t be able to access the report without proper authentication. You can also set up row level security in your reports so each user only sees the data they’re allowed to see. This way, the report itself never gets exposed publicly, and users don’t need individual Pro licenses , they just access it through your secure portal using the embedded token. With Power BI Embedded, you can provide secure report access, control roles and permissions, keep URLs private, and scale report viewing across your organization without giving everyone a Pro license. It’s a solid approach if you want central control while keeping things secured.
Regards,
Sreeteja.

Syndicate_Admin · ‎10-16-2025

Thank you for taking the time to answer and clarify these questions.
which suggests other questions:
I understand and it was already taken into account to develop the application and give it authentication with Microsoft (Azure) the issue that I am still not clear about and I must have a firm basis to be able to explain and carry out this solution, the people who generate the reports in the organization are 2, with their Pro licenses each, I can understand that at this point the Embedded license is not less expensive but in the future yes since the company is growing, my questions arise is from; How can or where are people given permission to view such reports? How would those 2 users publish (right now they do it from the service and share the iframe or links to some public and others private) the reports and the web portal that is developed can be visualized? The permissions to the reports as I mentioned above, I would not want to do them from the web portal but from some portal (if it has one) from Power BI Embedded.

Regarding the issue of URLs it is not clear to me yet, let's place this example. if user A has permissions to view an accounting report, they have some technological knowledge and can go into the code and take the inframe that is exposed there to display the report. That user resigns from the organization but has the report iframe with them. If you share it with someone else, could you see it? I understand that when we publish a report in power Bi service there are 2 ways to incur iframe, the public and the private in this case that I mention, as it would be.
Thank you very much again for the time spent and apologies if I am very mishaps in some questions since I do not have much knowledge on the subject.
Thank you very much, dear ones.

v-sshirivolu · ‎10-21-2025

Hi @Syndicate_Admin ,

Thanks for your follow up, your questions are completely understandable. With Power BI Embedded, you don’t need to assign access to each user directly in Power BI ....instead, your application handles all access. Users log in through your portal using Azure AD authentication, and the portal generates temporary embed tokens for the reports each user is allowed to see. You can also apply row level security (RLS) so users only see the data they are permitted to access. To be very clear, Power BI Embedded itself does not provide a built-in portal for managing permissions, all access control is handled securely within your application through these embed tokens. This approach gives you full flexibility and security without needing a separate portal inside Power BI. Your two Pro users continue to create and publish reports in a workspace enabled for Embedded or Premium capacity, and the application uses the Power BI API to embed those reports for end users. Users never log in directly to the Power BI Service, they only view the reports through the portal. Embed tokens are temporary and time limited, so even if someone copies an iframe, it won’t work after expiration, and tokens can be revoked or rotated if needed. Unlike public iframes, embedded reports remain private, preventing former employees from accessing them. In short, this approach centralizes permissions in your application, keeps URLs and iframes secure, allows RLS, and scales report access across the organization without requiring every user to have a Pro license, ensuring fully secure and controlled report viewing.

Regards,
Sreeteja

v-sshirivolu · ‎10-29-2025

Hi @Syndicate_Admin ,

I hope the information provided above assists you in resolving the issue. If you have any additional questions or concerns, please do not hesitate to contact us. We are here to support you and will be happy to help with any further assistance you may need.

v-sshirivolu · ‎11-05-2025

Hi @Syndicate_Admin ,
I hope the above details help you fix the issue. If you still have any questions or need more help, feel free to reach out. We’re always here to support you

Kedar_Pande · ‎10-15-2025

You build a custom application (web portal) where users authenticate. Your application handles user permissions and requests the specific Power BI report from the Embedded service. The report URL is never exposed to the end-user—it's only used server-side within your application.

This provides full control over security and access without requiring Pro licenses for every viewer.

Syndicate_Admin · ‎10-16-2025

from the web application or web portal I would only like to give permissions but to see the section, not permissions to the user, I would like to handle that directly from the report as it is normally done in power BI services.

maybe I need something more in-depth on how to do, since videos or documentation is years ago, and I know that power Bi changed these policies this year.

Ritaf1983 · ‎10-15-2025

Hi @Syndicate_Admin

Power BI Embedded is designed for embedding reports securely inside custom applications or websites, but it’s not a cheaper alternative to buying Pro or Premium per user licenses.

A few key points:

Embedded runs on dedicated capacity (A SKUs) billed hourly, so it can actually be more expensive if you only have a limited number of users.
It requires developing an application or portal to handle authentication, roles, and token generation for each viewer.
The advantage is that viewers don’t need individual Power BI licenses, but the overall cost and setup complexity increase.
If your audience is internal and relatively small, Premium per user or Premium capacity is usually simpler and more cost-effective.

Regarding your concern about the URL exposure – Embedded doesn’t make report URLs public.
Access is controlled by your application, and the users must authenticate through the app to receive a secure token that grants access.
So even if someone tries to extract the link, it won’t load without a valid token.

If this post helps, then please consider Accepting it as the solution to help the other members find it more quickly

Regards,
Rita Fainshtein | Microsoft MVP
https://www.linkedin.com/in/rita-fainshtein/
Blog : https://www.madeiradata.com/profile/ritaf/profile

Syndicate_Admin · ‎10-16-2025

In this sense, the Azure administrator had already been requested to create or take the SKU A space but I wouldn't know what to ask (I know it's clientID TenatID apart from that I don't know what else) for my application to work or my reports to work, I don't know if every time a report is going to be uploaded the administrator would have to give me the report ID.

Power Bi embedded

Helpful resources

Power BI Monthly Update - November 2025

Fabric Data Days

FabCon Atlanta 2026

How to Get Your Question Answered Quickly

Fabric Data Days starts November 4th!

Power Bi embedded

Helpful resources

Power BI Monthly Update - November 2025

Fabric Data Days

FabCon Atlanta 2026

How to Get Your Question Answered Quickly