Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Get certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now

Reply
rnehrboss
Helper II
Helper II

embedded javascript security risk question

Hi,

I've gotte embedding with a capacity working.

I check to see what user is logged in and create a filter to pass through the javascirpt API.

Power BI works great shows charts with filtering etc.

 

I'm now concerned about the security implications.

If I load the page and then view page source, I see the javasciprt with the access and embed tokens, as well as my filters. 

It seems like someone had access to the page, they could just take the page source, and change filters and create a new page that would give them access to other data (not allowed based on their own filters).

 

Am I missing something?  

I don't want to use Row Level Security, because we manage users and persmissions in web app.

 

Thanks!

 

2 REPLIES 2
v-chenwuz-msft
Community Support
Community Support

Hi @rnehrboss ,

 

The problem is that different users will get the same token. For the dataset, the kind of data it can give to the user is based on the token.

 

If you want different users to get different tokens with different permissions, then there are only two ways to do that according to the official documentation.

 

For more details, you can refer this link.

Generate an embed token in Power BI embedded analytics - Power BI | Microsoft Docs

 

Best Regards

Community Support Team _ chenwu zhu

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

 

rnehrboss
Helper II
Helper II

anyone knowlegable on this?

Helpful resources

Announcements
November Carousel

Fabric Community Update - November 2024

Find out what's new and trending in the Fabric Community.

Live Sessions with Fabric DB

Be one of the first to start using Fabric Databases

Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.

Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.

Nov PBI Update Carousel

Power BI Monthly Update - November 2024

Check out the November 2024 Power BI update to learn about new features.

Top Kudoed Authors