Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Fabric Certified for FREE during Fabric Data Days. Don't miss your chance! Request now

Reply
Anonymous
Not applicable

Implementation of Row Level Security in Power BI Embedded

‎02-06-2022 08:57 PM

Hi everyone!

I am currently working on Embedded Power BI and have succesfully implemented Row-Level-Security (RLS) on the backend side. However, after the implementation, I encountered a few doubts and wanted to further clarify. 

 

Let's say in a workspace, we have reports that have RLS implemented and reports that do not have RLS implemented. If I have implemented RLS on the backend code, I know that reports that do not have RLS implemented will not work. How can I structure my backend code that it will support Power BI Reports that have both RLS and no RLS implemented

I know there is a GetDatasetInGroupAsync() method that returns "a list of datasets from a specified workspace". It also provides a response of "isEffectiveIdentityRequired" which would be True (if RLS is present) otherwise False. I implemented a if-else case using the "isEffectiveIdentityRequired" response however, when many reports with RLS and no RLS are present, the generateTokenRequestParameters and tokenResponse are being overwritten and hence, none of the reports are being displayed. 
I have put the code below, I am aware that there is issue with the logic but I am not able to think about any other way.

foreach (var dataset in datasetList)
{
    if (dataset.EffectiveIdentityRequired == true)
    {
        var effectiveIdentity = new EffectiveIdentity(tenant.Id.ToString(), new List<string> { datasetList.ToString() }, new List<string> {"User"});
        var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: canEdit ? "edit" : "view", null, effectiveIdentity);
        var tokenResponse = await client.EmbedToken.GenerateTokenAsync(new Guid(workspaceId), report.Id, generateTokenRequestParameters);

    }
    else
    {
        // Generate Embed Token for reports without effective identities.
        var generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: canEdit ? "edit" : "view", null, null);
        var tokenResponse = await client.Reports.GenerateTokenAsync(new Guid(workspaceId), report.Id, generateTokenRequestParameters);
    }


It would be very helpful if I can get some support to overcome this problem as I have been stuck on it for a while. If there is any Github Repository for reference also, that would be great.Any help and advise would be wonderful. 

Message 1 of 2
429 Views
0
1 ACCEPTED SOLUTION
Anonymous
Not applicable

‎02-09-2022 05:29 PM

Hi @Anonymous,

I think you need to configure (user roles, report dataset bindings) at generated token steps to assign different roles and permissions to the report viewer.

Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Docs
Regards,

Xiaoxin Sheng

View solution in original post

Message 2 of 2
359 Views
0
1 REPLY 1
Anonymous
Not applicable

‎02-09-2022 05:29 PM

Hi @Anonymous,

I think you need to configure (user roles, report dataset bindings) at generated token steps to assign different roles and permissions to the report viewer.

Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Docs
Regards,

Xiaoxin Sheng

Message 2 of 2
360 Views
0

Helpful resources

Announcements
Fabric Data Days Carousel

Fabric Data Days

Advance your Data & AI career with 50 days of live learning, contests, hands-on challenges, study groups & certifications and more!

October Power BI Update Carousel

Power BI Monthly Update - October 2025

Check out the October 2025 Power BI update to learn about new features.

FabCon Atlanta 2026 carousel

FabCon Atlanta 2026

Join us at FabCon Atlanta, March 16-20, for the ultimate Fabric, Power BI, AI and SQL community-led event. Save $200 with code FABCOMM.

View All