Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We've captured the moments from FabCon & SQLCon that everyone is talking about, and we are bringing them to the community, live and on-demand. Starts on April 14th. Register now

Reply
ribisht
Helper I
Helper I

Implement RLS in Power BI Using Application-Level Authentication

‎08-04-2025 11:41 PM
 
Current State : Power BI static url(embeded in the application) is provided in the application and they manual do pivot for the restricted data and place it in shared drive
 
Expected: Have to perform the RLS in powerbi not with the user created in Microsoft have to capture the application user login and filter the data accordingly
 
Background :
Our assure application has two layers of authentication: an application user login, not MS Entra or SSO, and IP address restriction by FI tenant registration, and sometimes per user if they are unable to route requests through their proxy server or from within their registered network IP range. All our Assure application’s requests to external resources leverage either Azure managed identity or user credentials stored in Azure key vault. Our requests include FI tenant and application user identification values to verify and filter access to data.
 
 
Labels:
Message 1 of 3
772 Views
0
1 ACCEPTED SOLUTION
rohit1991
Super User
Super User

‎08-05-2025 12:02 AM

Hi @ribisht 

 

To implement RLS with application-level authentication (not using Microsoft user accounts), you should use Power BI embedding for service principals. First, assign RLS roles to the dataset in Power BI Desktop and publish it. Then, when generating the embed token in your application, pass the appropriate username as an effective identity in the token request. Power BI will apply RLS based on that username. This way, your app controls what data the user sees using its own authentication logic, while Power BI enforces RLS behind the scenes. No manual pivot or shared drives are needed once setup is complete.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!

View solution in original post

Message 2 of 3
753 Views
0
2 REPLIES 2
Anonymous
Not applicable

‎08-05-2025 09:25 PM

Hi @ribisht ,

Thank you for reaching out to the Microsoft fabric community forum. Also thank you @rohit1991 , your suggested method is correct for enabling RLS with application-level authentication in Power BI Embedded.

In adition to that,here are a few points need to consider:

  • This method requires a workspace in Power BI Premium capacity, as embedding with a service principal isn’t supported with Pro licenses.
  • The identity string provided via EffectiveIdentity must match the format used in your RLS setup, usually through USERNAME() or USERPRINCIPALNAME() in the role definitions.
  • Your application must handle user authentication and map users to the correct identity string, since Power BI only enforces RLS based on the embed token and does not perform authentication itself.

Once configured, this approach provides secure and dynamic data access based on your app’s user model, without manual data pivots or shared storage.

Hope this helps. Please reach out for further assistance.

 

Thank you.

Message 3 of 3
713 Views
0
rohit1991
Super User
Super User

‎08-05-2025 12:02 AM

Hi @ribisht 

 

To implement RLS with application-level authentication (not using Microsoft user accounts), you should use Power BI embedding for service principals. First, assign RLS roles to the dataset in Power BI Desktop and publish it. Then, when generating the embed token in your application, pass the appropriate username as an effective identity in the token request. Power BI will apply RLS based on that username. This way, your app controls what data the user sees using its own authentication logic, while Power BI enforces RLS behind the scenes. No manual pivot or shared drives are needed once setup is complete.


Did it work? ✔ Give a Kudo • Mark as Solution – help others too!
Message 2 of 3
754 Views
0

Helpful resources

Announcements
New to Fabric survey Carousel

New to Fabric Survey

If you have recently started exploring Fabric, we'd love to hear how it's going. Your feedback can help with product improvements.

Power BI DataViz World Championships carousel

Power BI DataViz World Championships - June 2026

A new Power BI DataViz World Championship is coming this June! Don't miss out on submitting your entry.

Join our Fabric User Panel

Join our Fabric User Panel

Share feedback directly with Fabric product managers, participate in targeted research studies and influence the Fabric roadmap.

View All