Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Grow your Fabric skills and prepare for the DP-600 certification exam by completing the latest Microsoft Fabric challenge.

Reply
CoulterJames2
Frequent Visitor

Implement Power BI Embedded with RLS

I am working with a clientwho wants to share a Power BI report with users outside their organisation using Power BI Embedded. The customer is a supplier of materials to the healthcare industry and they want to show their customers a dashboard of their spend to date through their online e-commerce platform. The idea is that the report and data model would implement dynamic RLS so that each end user sees only their own spending data. In an ideal scenario, the external customer would not have to be set up in the client's Azure AD/Entra ID, and the end user would not have to sign in to Power BI in order to view the report. Is this a supported scenario? I've looked extensively into the various options for embedding Power BI and one solution seems to involve configuring roles in the Power BI service, then adding users to roles, but the users a) have to exist in Entra ID and b) will need to sign in before they can view the report. The other option seems to involve using a service principal to connect to Power BI, but it's not clear how the user credentials get passed to Power BI so that the data is filtered via RLS. Is this controlled through the embed tokens?

I've tried to set up a demo environment internally first and have got as far as the following steps: 

  1. Provisioned a Power BI Embedded capacity
  2. Created a workspace and assigned it to the capacity
  3. Created a simple report using dynamic row-level security to filter the content of the report based on the identity of the logged-in user. This works fine when tested in Power BI Desktop (using View As) and also in the Power BI service. The users I have tested it with exist in my Azure AD/Entra tenant. In the customer's scenario they would prefer not to have to invite external users to their Entra tenant.
  4. Created an App Registration in Azure, added it to a security group, and granted access to the read-only API permissions for Power BI (I did this using the Power BI Embedded set up tool at: https://app.powerbi.com/embedsetup)
  5. In Power BI tenant admin settings, enabled REST API endpoints for Service Principals and added the security group created in the previous step.
  6. Gave the security group Admin access on the workspace.

I'm now at the point where I'm using one of the "AppOwnsData" sample projects to test the embedding, but what is not made clear is how the user credentials get passed through to Power BI in order for the content to be filtered to the user. Are there links to any resources that show me what the next steps are to get this working?

As a side note, when I run the sample solution it fails to retrieve the embed token with http error 500 "bad request" so seems like something is wrong in my setup.

 

1 ACCEPTED SOLUTION
v-yiruan-msft
Community Support
Community Support

Hi @CoulterJames2 ,

You can refer the following links to embed the report with RLS:

Using standard cloud based row-level security with embedded content in Power BI embedded analytics

Power BI Embedded: Convention-based dynamic Row-level Security 

Enable Row Level Security (RLS) and Embed PowerBI Dashboard in an Application 

vyiruanmsft_0-1711693834648.png

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

1 REPLY 1
v-yiruan-msft
Community Support
Community Support

Hi @CoulterJames2 ,

You can refer the following links to embed the report with RLS:

Using standard cloud based row-level security with embedded content in Power BI embedded analytics

Power BI Embedded: Convention-based dynamic Row-level Security 

Enable Row Level Security (RLS) and Embed PowerBI Dashboard in an Application 

vyiruanmsft_0-1711693834648.png

Best Regards

Community Support Team _ Rena
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
RTI Forums Carousel3

New forum boards available in Real-Time Intelligence.

Ask questions in Eventhouse and KQL, Eventstream, and Reflex.

MayPowerBICarousel

Power BI Monthly Update - May 2024

Check out the May 2024 Power BI update to learn about new features.