Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Level up your Power BI skills this month - build one visual each week and tell better stories with data! Get started

Reply
ribisht
Helper I
Helper I

Implement RLS in Power BI Using Application-Level Authentication

‎08-04-2025 11:41 PM
 
Current State : Power BI static url(embeded in the application) is provided in the application and they manual do pivot for the restricted data and place it in shared drive
 
Expected: Have to perform the RLS in powerbi not with the user created in Microsoft have to capture the application user login and filter the data accordingly
 
Background :
Our assure application has two layers of authentication: an application user login, not MS Entra or SSO, and IP address restriction by FI tenant registration, and sometimes per user if they are unable to route requests through their proxy server or from within their registered network IP range. All our Assure application’s requests to external resources leverage either Azure managed identity or user credentials stored in Azure key vault. Our requests include FI tenant and application user identification values to verify and filter access to data.
 
 
Labels:
Message 1 of 3
863 Views
0
1 ACCEPTED SOLUTION
rohit1991
Super User
Super User

‎08-05-2025 12:02 AM

Hi @ribisht 

 

To implement RLS with application-level authentication (not using Microsoft user accounts), you should use Power BI embedding for service principals. First, assign RLS roles to the dataset in Power BI Desktop and publish it. Then, when generating the embed token in your application, pass the appropriate username as an effective identity in the token request. Power BI will apply RLS based on that username. This way, your app controls what data the user sees using its own authentication logic, while Power BI enforces RLS behind the scenes. No manual pivot or shared drives are needed once setup is complete.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!

View solution in original post

Message 2 of 3
844 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎08-05-2025 09:25 PM

Hi @ribisht ,

Thank you for reaching out to the Microsoft fabric community forum. Also thank you @rohit1991 , your suggested method is correct for enabling RLS with application-level authentication in Power BI Embedded.

In adition to that,here are a few points need to consider:

  • This method requires a workspace in Power BI Premium capacity, as embedding with a service principal isn’t supported with Pro licenses.
  • The identity string provided via EffectiveIdentity must match the format used in your RLS setup, usually through USERNAME() or USERPRINCIPALNAME() in the role definitions.
  • Your application must handle user authentication and map users to the correct identity string, since Power BI only enforces RLS based on the embed token and does not perform authentication itself.

Once configured, this approach provides secure and dynamic data access based on your app’s user model, without manual data pivots or shared storage.

Hope this helps. Please reach out for further assistance.

 

Thank you.

Message 3 of 3
804 Views
0
rohit1991
Super User
Super User

‎08-05-2025 12:02 AM

Hi @ribisht 

 

To implement RLS with application-level authentication (not using Microsoft user accounts), you should use Power BI embedding for service principals. First, assign RLS roles to the dataset in Power BI Desktop and publish it. Then, when generating the embed token in your application, pass the appropriate username as an effective identity in the token request. Power BI will apply RLS based on that username. This way, your app controls what data the user sees using its own authentication logic, while Power BI enforces RLS behind the scenes. No manual pivot or shared drives are needed once setup is complete.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 2 of 3
845 Views
0

Helpful resources

Announcements
April Power BI Update Carousel

Power BI Monthly Update - April 2026

Check out the April 2026 Power BI update to learn about new features.

Fabric SQL PBI Data Days

Data Days 2026 coming soon!

Sign up to receive a private message when registration opens and key events begin.

New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

View All