March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
Register NowGet certified in Microsoft Fabric—for free! For a limited time, the Microsoft Fabric Community team will be offering free DP-600 exam vouchers. Prepare now
Greetings!
I have sucessfully embedded reports using the "embed for your customers" way and using a service principal. I can generate a token and pass it to the frontend where the embed of the report is made using the powerbi-client js library.
The problem is that I create the token with the atributes set to not allow the reports to go into edit mode but when the configs of powerbi-client are set to permissions.All and ViewMode to Edit the reports still go into Edit mode...
code to generate token:
var tokenRequest = new GenerateTokenRequestV2(
reports: new List<GenerateTokenRequestV2Report>() { new GenerateTokenRequestV2Report(reportId, allowEdit: false) },
...
Code on the front end:
reportLoadConfig = {
type: "report",
tokenType: models.TokenType.Embed,
accessToken: embedParams.EmbedToken.Token,
embedUrl: embedParams.EmbedReport[0].EmbedUrl,
// Adding viem mode and permissions lines bellow will cause the report to go
// into edit mode even with the token set to editmode = false...
viewMode: models.ViewMode.Edit,
permissions: models.Permissions.All,
// Enable this setting to remove gray shoulders from embedded report
// settings: {
// background: models.BackgroundType.Transparent
// }
};
What could be the issue here? And what can I do to permenantly disable edit mode on the frontend even when the powerbi-client config code is changed to allow edit?
Thank you all in advance!
Side notes:
- Keeping in mind the fact that any code on the frontend is not safe and can easely be manipulated: Considering the "embed for customers" scenario, why would you even be able to set the permissions on the frontend? Would it not be best practice to only be the token to dictate what range of permissions the embed has?
And there are other condiderations to this outside of setting permissions like, changing page navigation mode or showing errors, just to name a few...
Again maybe I'm missing something here. So please let me know your opinions on this topic.
All the best
Side notes:
- Keeping in mind the fact that any code on the frontend is not safe and can easely be manipulated: Considering the "embed for customers" scenario, why would you even be able to set the permissions on the frontend? Would it not be best practice to only be the token to dictate what range of permissions the embed has?
And there are other condiderations to this outside of setting permissions like, changing page navigation mode or showing errors, just to name a few...
Again maybe I'm missing something here. So please let me know your opinions on this topic.
All the best
Hi @ZeDosDados ,
Please refer these links below that may help for you.
Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn
FormDatasource.allowEdit(false) Does Not Work - Microsoft Dynamics AX Forum Community Forum
allowEdit not work in OnActivated (D365) - Dynamics 365 Finance Forum Community Forum
Hope this helps you.
Best Regards,
Community Support Team _Yinliw
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @v-yinliw-msft
Thank you for your reply.
Unfortunatelly I was not able to solve the problem.
Following the documentation to create embed token I proceeded to check the permissions set on the registered app with the service principal on Azure. There are only the options for the tenant (read/write.all) and nothing else.
I also tried changing from service principal to Master User, and in delegeted permissions I was able to set (read.all) permissions for Reports, Dataset, workspace etc.. and try out these combinations. Also the user account for master user being an admin for the workspace.
But still on the frontend, changing the powerbi-client configs Im able to turn edit mode on...
What am I missing here?
yes -- this is definitely a problem -- we can control write access through the azure portal app settings delegated permissions and ultimately prevent a report from being edited / saved as - but this doesn't prevent the user from going into edit mode in the browser... yes there is a soft control by setting the permissions in the embed config in javascript to View or Read, but anyone can run the following javascript in the console and change the properties of the embedded report and then go into edit mode. Why is this a problem despite them not being able to save the report? Because they can see all the tables in the report and this could be proprietary design -- easy to work out the data model from this.
The allowEdit parameter seems to do nothing here on the server-side
GenerateTokenRequestV2Report(reportId, allowEdit: false)
Here's the javascript you can run on the console and change your own "permissions"
const config2 = {
type: 'report',
tokenType: models.TokenType.Embed,
accessToken: accessToken,
embedUrl: embedUrl,
id: embedReportId,
permissions: models.Permissions.All,
settings: {
// Enable this setting to remove gray shoulders from embedded report
// background: models.BackgroundType.Transparent,
filterPaneEnabled: true,
navContentPaneEnabled: true
}
};
// Embed the report and display it within the div container.
const report2 = powerbi.embed(reportContainer, config2);
//now you can change the mode!
report.switchMode("edit");
Is there any possible solution to this? Is this a properly known issue by the power bi team?
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
Check out the November 2024 Power BI update to learn about new features.
User | Count |
---|---|
47 | |
39 | |
34 | |
33 | |
20 |