March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early bird discount ends December 31.
Register NowBe one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now
Hi,
i've got an on premise SSAS instance which is configured in powerbi using gateway, configuration is proper as report using dataset from SSAS works from app.powebi and even from embedded report if token is requested using username/password flow.
From security reasons our client demand was to introduce service principal, it is turned on, set as admin on workspace, i've added 'ReadOverrideEffectiveIdentity' to service principle using powerbi dataset api.
Currently when i request embedd token using clientSecret (service principal) it requires EffectiveIdentity to be passed (which was not passed before in this path).
I;ve tested two different approaches:
-passed EffectiveIdentity with identifier = ServicePrincipalObjectId
* i can see in developer tools that https://wabi-north-europe-redirect.analysis.windows.net/powerbi/metadata/models/5330774/?modelOption...
returned 401
-passed currently logged userId (this is normally passed for other datasets pointing directly to database):
*report is embedded but when it's loadingvisuals i get 401 and i can see that 'https://wabi-north-europe- redirect.analysis.windows.net/explore/querydata'
returned "{"error":{"code":"RLSNotAuthorizedForImpersonation","pbi.error":{"code":"RLSNotAuthorizedForImpersonation","parameters":{},"details":[],"exceptionCulprit":1}}}"
Do you have any ideas what should i check next and what is wrong?
I've based my work mostly on:
https://prologika.com/power-bi-embedded-service-principals-and-ssas/
Thanks in advance
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!