Anonymous
Not applicable

Power BI Embedded JavaScript filters security

Hello.

I have a question that might be a problem with my understanding of Power BI Embedded security.

I managed to create my own application using Power BI Embedded A1 capacity with an Azure Analysis Services cube as the data source and RLS.

For ISV sharing (with my customers) I use a native Azure AD app for OAuth authentication using a single master service account in AD. I also use Azure Key Vault to get that user account, so it is not part of the application code.

Everything works fine and the report opens in the browser.

I applied a JavaScript filter to the report and it also works fine.

My concern is:

When I view the source of the HTML page, I can see the access token variable together with the report ID and the JavaScript filter.

With all 3 variables, what will prevent a customer from taking the access token to write his own HTML, but changing the JavaScript filter to something else (another customer name)?

I tried it myself, taking the access token and report ID from my app and putting them into this demo site page: https://microsoft.github.io/PowerBI-JavaScript/demo/v2-demo/index.html#

and I got the full report with no filters.

 

1 ACCEPTED SOLUTION
Anonymous
Not applicable

Problem solved.
I needed to use roles in the embedded code before I generate the access token.
That way the access token is generated just for this role, and the JavaScript filter just filters the results that role can view.
I wish this could also be done with the on-premises report server 🙂

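An added example, not the poster's code, of the approach the accepted solution describes: the server builds the Power BI REST `GenerateToken` request with an effective identity (username and roles), so the embed token itself is limited to that role and a client-side JavaScript filter can only narrow what the role already allows. The session table, the role name `Customer`, the customer names and all IDs are constructed placeholders.

```javascript
// Runs on the server only; the browser receives just the resulting embed token.
const API = "https://api.powerbi.com/v1.0/myorg";

// Constructed sample: the app's own authenticated sessions mapped to a tenant.
// In a real app this comes from the login/session store, never from the browser.
const SESSIONS = {
  "sess-001": { customer: "contoso", role: "Customer" },
  "sess-002": { customer: "fabrikam", role: "Customer" },
};

// Resolve the RLS identity from the server-side session. Anything the client
// sends (query string, JSON body, filter values) is deliberately ignored.
function resolveIdentity(sessionId, clientSupplied = {}) {
  const s = SESSIONS[sessionId];
  if (!s) throw new Error("unauthenticated session");
  return { username: s.customer, roles: [s.role] };
}

// Build the GenerateToken call with an effective identity, so row-level
// security is enforced by the service for every query made with the token.
function buildGenerateTokenRequest({ groupId, reportId, datasetId }, identity) {
  if (!identity.roles.length) {
    throw new Error("refusing to issue a token without an RLS role");
  }
  return {
    url: `${API}/groups/${groupId}/reports/${reportId}/GenerateToken`,
    body: {
      accessLevel: "View",
      identities: [
        { username: identity.username, roles: identity.roles, datasets: [datasetId] },
      ],
    },
  };
}

// Send the request with the master account's Azure AD access token, which
// stays on the server. Not called here; needs network access and real IDs.
async function requestEmbedToken(aadToken, req) {
  const res = await fetch(req.url, {
    method: "POST",
    headers: { Authorization: `Bearer ${aadToken}`, "Content-Type": "application/json" },
    body: JSON.stringify(req.body),
  });
  if (!res.ok) throw new Error(`GenerateToken failed: ${res.status}`);
  return (await res.json()).token;
}
```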

2 REPLIES 2
So, if I create a Power BI report for my customers, and I have hundreds of customers, do I need to create hundreds of roles and tokens?
