Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
Anonymous
Not applicable

Row-Level Security with Power BI Embedded and Azure Analysis Services

‎09-28-2017 02:28 AM

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

Labels:
Message 1 of 2
16,108 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎09-29-2017 02:43 AM
@Anonymous wrote:

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

@Anonymous

In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario Embedding with non-Power BI users (app owns data), you can pass roles and usersname at embed token creation. See Row-level security (RLS) with embedded analytics

View solution in original post

Message 2 of 2
16,817 Views
0
1 REPLY 1
Eric_Zhang
Microsoft Employee
Microsoft Employee

‎09-29-2017 02:43 AM
@Anonymous wrote:

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

@Anonymous

In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario Embedding with non-Power BI users (app owns data), you can pass roles and usersname at embed token creation. See Row-level security (RLS) with embedded analytics

Message 2 of 2
16,818 Views
0

Helpful resources

Announcements
July PBI25 Carousel

Power BI Monthly Update - July 2025

Check out the July 2025 Power BI update to learn about new features.

Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All