Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Try your skills in the Power BI Dataviz World Championship! Round one ends June 26. Join now

Reply
Anonymous
Not applicable

Row-Level Security with Power BI Embedded and Azure Analysis Services

‎09-28-2017 02:28 AM

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

Labels:
Message 1 of 2
16,297 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎09-29-2017 02:43 AM
@Anonymous wrote:

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

@Anonymous

In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario Embedding with non-Power BI users (app owns data), you can pass roles and usersname at embed token creation. See Row-level security (RLS) with embedded analytics

View solution in original post

Message 2 of 2
17,006 Views
0
1 REPLY 1
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎09-29-2017 02:43 AM
@Anonymous wrote:

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

@Anonymous

In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario Embedding with non-Power BI users (app owns data), you can pass roles and usersname at embed token creation. See Row-level security (RLS) with embedded analytics

Message 2 of 2
17,007 Views
0

Helpful resources

Announcements
Fabric Data Days is here Carousel

Fabric Data Days 2026

Don't miss out on Data Days, June 15 through August 7. Learn Fabric, Power BI, SQL, AI and more.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All