Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started

Reply
wasiqkhan
Frequent Visitor

Embed authenticate Process with service principal

Hi, I want to embed a report in my Azure web app where users can log in with their ID and see only their own data.

Can you tell me what logic I can apply to get specific user data in my embedded report?

If I use the service principal method and apply Row-Level Security (RLS), how does Power BI know who the user is logging into my web app, and what parameter do I pass in the RLS report?
Do I filter data using GUID?

 

 

 
 

 

1 ACCEPTED SOLUTION
v-xiandat-msft
Community Support
Community Support

Hi @wasiqkhan ,

With row-level security (RLS), the identifier you use can be different from the identifier of the service subject or primary user used to generate the token. Using a different identifier allows you to display embedded information based on the target user. If you are using RLS, you can sometimes leave the user identification (EffectiveIdentity parameter) unspecified. If you do not use the EffectiveIdentity parameter, the token can access the entire database. This method can be used to grant access to users such as administrators and managers who have permission to view the entire semantic model.

Here are the steps to achieve this
   1.Start by defining roles in the Power BI Desktop file. These roles should reflect the different user segments or data access levels you wish to enforce.

   2.For dynamic RLS, a custom attribute (such as a GUID or email) can be passed as the username in the EffectiveIdentity object

Below is the official link will help you:

Permission tokens needed to embed a Power BI app - Power BI | Microsoft Learn

Generate an embed token in Power BI embedded analytics - Power BI | Microsoft Learn

Best Regards,

Xianda Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

2 REPLIES 2
wasiqkhan
Frequent Visitor

Hi @v-xiandat-msft , thanks for providing the solution. I discussed this with my team, and we are facing another difficulty. Initially, we decided to go with RLS (Row-Level Security), but now we face an issue. When my client base exceeds more than 1,000, it's not efficient to manage RLS for each client separately. Is there a way for my clients to see their own data without applying RLS?

v-xiandat-msft
Community Support
Community Support

Hi @wasiqkhan ,

With row-level security (RLS), the identifier you use can be different from the identifier of the service subject or primary user used to generate the token. Using a different identifier allows you to display embedded information based on the target user. If you are using RLS, you can sometimes leave the user identification (EffectiveIdentity parameter) unspecified. If you do not use the EffectiveIdentity parameter, the token can access the entire database. This method can be used to grant access to users such as administrators and managers who have permission to view the entire semantic model.

Here are the steps to achieve this
   1.Start by defining roles in the Power BI Desktop file. These roles should reflect the different user segments or data access levels you wish to enforce.

   2.For dynamic RLS, a custom attribute (such as a GUID or email) can be passed as the username in the EffectiveIdentity object

Below is the official link will help you:

Permission tokens needed to embed a Power BI app - Power BI | Microsoft Learn

Generate an embed token in Power BI embedded analytics - Power BI | Microsoft Learn

Best Regards,

Xianda Tang

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Announcements
July 2024 Power BI Update

Power BI Monthly Update - July 2024

Check out the July 2024 Power BI update to learn about new features.