Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
The documentation (https://learn.microsoft.com/en-us/rest/api/power-bi/embed-token/generate-token#examples) contains quite some examples on how to generate a token. But our use case does not seem to be documented. We are confused whether we are trying to use dynamic RLS in the wrong way. Or are just generating our embedded token incorrectly.
Our token request looks as follows:
{
"datasets": [
{
"id": "3bff762b-...-1e1dabe41b3e"
}
],
"reports": [
{
"id": "e16f0244-...-97ceda22e823"
}
],
"targetWorkspaces": [
{
"id": "beca21a6-...-17f65322eb31"
}
],
"identities": [
{
"username": "user.name@domain.be",
"datasets": [
"3bff762b-...-1e1dabe41b3e"
],
"roles": [
"EMAIL"
]
},
{
"username": "BusinessDefault",
"datasets": [
"3bff762b-...-1e1dabe41b3e"
],
"roles": [
"CompanyCode"
]
},
{
"username": "Default",
"datasets": [
"3bff762b-...-1e1dabe41b3e"
],
"roles": [
"DomainCode"
]
},
{
"username": "Business",
"datasets": [
"3bff762b-...-1e1dabe41b3e"
],
"roles": [
"SystemCode"
]
},
{
"username": "Administrators",
"datasets": [
"3bff762b-...-1e1dabe41b3e"
],
"roles": [
"DatabaseRole"
]
}
]
}
This results in the API responding with following error:
Status: BadRequest (400)
Response: {"error":{"code":"InvalidRequest","message":"Multiple identities provided for dataset 3bff762b-c82b-4256-9ed2-1e1dabe41b3e"}}
We've tried removing the datasets parameter in the identities, only provide it to one identity, ... But every possible scenario gives us an exception when generating the token.
When just using one identity, the token generates fine. But the moment we add a second identity. Things no longer seem to work.
Our report datamodel looks as follows:
any additional help would be appreciated. We haven't been able to make progress on this issue.
In "App owns data" you are generating a token for the user who views the embedded report. Power BI has no knowledge about that user. Only your application has that knowledge. The way to tell Power BI which RLS context (role, userename, etc.) should be used for the current user viewing the report is with the effective identity.
So why are you providing more than 1 effective identity for the same dataset? How will Power BI know which of those identities should be used when fetching the data from the dataset? I believe there should be a single identity with only 1 username. and possibly multiple roles.
HI @MaartenInc,
I'd like to suggest you take a look at the following link that mention similar issue if it helps with your scenario:
Solved: Re: Embed BI, App owns data, dynamic RLS multiple ... - Microsoft Power BI Community
Regards,
Xiaoxin Sheng
Thanks for the quick response @v-shex-msft. Unfortunately the solution provided in that question doesn't solve the issue.
The "username" values are different are also different across the roles.
User | Count |
---|---|
16 | |
5 | |
2 | |
1 | |
1 |
User | Count |
---|---|
22 | |
3 | |
3 | |
2 | |
1 |