Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Shape the future of the Fabric Community! Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions. Take survey.

Reply
PSA_Swayam
New Member

How to implement Row Level Security in Power BI Embedded?

I am trying to implement row level security in Power BI Embedded downloaded code which has been downloaded from below URL.

https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data/integrate-repo...


I have found a solution which can be implemented in earlier version of Power BI reports code but that is not useful for me. Please find below URL for this.

https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security

I would seek your help to find a solution to implement Row Level Security in above code. I look forward for response on this. Thanks

 

 

5 REPLIES 5
PSA_Swayam
New Member

Hi,

 

I hardly require help to sort this out. Can anyone respond on this. Thanks

Are you using the App-Owns-Data model or the User-Owns-Data model?

 

If you are suing the App-Owns-Data model you must generate an embed token with an EffectiveIdentity to map your user to a UserName and one or more roles. If you are using the User-Owns-Data and UserName is passed autoamtically and you must map each users to their RLS roles in the Power BI service.

 

In either case you can use dynamic RLS with a Users table and a UserPermissions table. Can you be more specific about what you are trying to accomplish?

Thanks for your response.

 

I am using User-Owns-Data to implement my requirement.

 

I have successfully implemented displaying reports list based on workspace/group id and able to display report data when user click on particular report from the list. This is working as expected.

 

Now, I have to apply Row Level Security for the reports. i.e., based on the role of the user, report data to be filtered and only reports should be displayed based on filtered data. I have tried but didn't get a solution for this.

 

Please see below screenshot of code to give you an idea how I am getting access token from authentication result. I am using the access token to get reports list and to display individual report.

 

Lines of code to get Access TokenLines of code to get Access TokenCode to get reports list using generated Access TokenCode to get reports list using generated Access TokenCode to get selected report data using generated Access TokenCode to get selected report data using generated Access Token

I think I need to make changes in code. But I would require your help to get this sorted. Thanks

 

If you are using User-Owns-Data then there is much less work to do. When using App-Owns-Data you must programatically generate an embed code with the RLS roles inside. But with User-Owns-Data, all of RLS is configured external to your applation.

 

Here are the basic steps.

  1. Add RLS roles to your Power BI Desktop project
  2. Publish the Power BI Desktop project to an app workspace
  3. In the Power BI Service, configure the users and groups for each role.
  4. Use Power BI embedding using the Azure AD access token created for each user.

At this point, RLS should work and Power BI embedding should only display the data for each user based on the role(s) they are in. I think you should be able to accomplsh this without any changes to your current application.

@TedPattison  - What should be the solution for Apps Own Data Scenario? I'm also facing the similar problem with my embedded reports. Embedding works as expected but not the Row level security. Here is my scenario - 

 

1. Data Source - SQL Server On-premise

2. Dynamic RLS is configued in Power BI Desktop

3. Published Reports to Premium Capacity, upgraded Workspace

4. Embedded Solution - Apps Own Data using JavaScript (used GenerateToken method)

5. Added EffectiveIdentity as below in the JavaScript GenerateToken Call.

 

{
    "accessLevel": "View",
    "identities": [
        {
            "username": "EffectiveIdentity",
            "roles": [ "Role1", "Role2" ],
            "customData": "MyCustomData",
            "datasets": [ "fe0a1aeb-f6a4-4b27-a2d3-b5df3bb28bdc" ]
        }
    ]
}

 

 

What am I missing here? Thank you! 

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

Top Solution Authors