Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
I've a requirement to grant users outside of a domain to grant access to run reports.
1) Can we add new roles to the Role table in PowerBI DB tables ?
2) Is there any other way to control access for external users who are not part of a domain.
You'll need to set up custom authentication for users outside of the domain.
Here the link to the custom security solution sample:
https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample
If you follow the steps correctly you can be set up within an hour or less.
Use powershell to generate your own machine key, dont use the one in the sample.
You should probably also install a web certificate for the Report Server Service, and Report Server Web Portal.
you'll need to open firewalls between you and your external user on the port that the web portal is running on.
IMPORTANT NOTE: This removes active directory authentication. If anyone knows how to set up dual or fall back authentication, please reply.
Is it possible to use this to prevent users logged into a website from viewing embedded reports by manipulating the iframe src? How does an on-prem report server know which user has logged into an external website?
Example scenario.
Is it possible using an embedded iframe and an on-prem report server to prevent User B from viewing Report A? How can the website tell the report server who is trying to view the report?
Thanks.
Willy,
I'm not aware of anyway to manipulate the iframe src to manage permissions.
If you are using windows authentication then yes, set permissions based on windows authentication
If you are using custom authentication for external users, then users have to login with credentials that you set up and provide them. It's also possible to pass cookies and/or automatically detect which user is grouped into which access group, report A or report B, and then have those credentials automatically entered by the application into the form. If they change URL's, that custom account won't have access to the other report, as long as you dont give it permissions on that one in PBIRS.
Thanks for posting this, my team is also looking for help on this.