Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends September 15. Request your voucher.

Reply
Anonymous
Not applicable

Implementation of Row Level Security in Power BI Embedded

‎02-06-2022 08:57 PM

Hi everyone!

I am currently working on Embedded Power BI and have succesfully implemented Row-Level-Security (RLS) on the backend side. However, after the implementation, I encountered a few doubts and wanted to further clarify. 

 

Let's say in a workspace, we have reports that have RLS implemented and reports that do not have RLS implemented. If I have implemented RLS on the backend code, I know that reports that do not have RLS implemented will not work. How can I structure my backend code that it will support Power BI Reports that have both RLS and no RLS implemented

I know there is a GetDatasetInGroupAsync() method that returns "a list of datasets from a specified workspace". It also provides a response of "isEffectiveIdentityRequired" which would be True (if RLS is present) otherwise False. I implemented a if-else case using the "isEffectiveIdentityRequired" response however, when many reports with RLS and no RLS are present, the generateTokenRequestParameters and tokenResponse are being overwritten and hence, none of the reports are being displayed. 
I have put the code below, I am aware that there is issue with the logic but I am not able to think about any other way.

foreach (var dataset in datasetList)
{
    if (dataset.EffectiveIdentityRequired == true)
    {
        var effectiveIdentity = new EffectiveIdentity(tenant.Id.ToString(), new List<string> { datasetList.ToString() }, new List<string> {"User"});
        var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: canEdit ? "edit" : "view", null, effectiveIdentity);
        var tokenResponse = await client.EmbedToken.GenerateTokenAsync(new Guid(workspaceId), report.Id, generateTokenRequestParameters);

    }
    else
    {
        // Generate Embed Token for reports without effective identities.
        var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: canEdit ? "edit" : "view", null, null);
        var tokenResponse = await client.Reports.GenerateTokenAsync(new Guid(workspaceId), report.Id, generateTokenRequestParameters);
    }


It would be very helpful if I can get some support to overcome this problem as I have been stuck on it for a while. If there is any Github Repository for reference also, that would be great.Any help and advise would be wonderful. 

Message 1 of 2
404 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎02-09-2022 05:29 PM

Hi @Anonymous,

I think you need to configure (user roles, report dataset bindings) at generated token steps to assign different roles and permissions to the report viewer.

Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Docs
Regards,

Xiaoxin Sheng

View solution in original post

Message 2 of 2
334 Views
0
1 REPLY 1
Anonymous
Not applicable

‎02-09-2022 05:29 PM

Hi @Anonymous,

I think you need to configure (user roles, report dataset bindings) at generated token steps to assign different roles and permissions to the report viewer.

Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Docs
Regards,

Xiaoxin Sheng

Message 2 of 2
335 Views
0

Helpful resources

Announcements
August Power BI Update Carousel

Power BI Monthly Update - August 2025

Check out the August 2025 Power BI update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All