ZeDosDados
New Member

Still able to go into Edit mode with token containing allowEdit set to false.

Greetings!
I have successfully embedded reports using the "embed for your customers" way and using a service principal. I can generate a token and pass it to the frontend where the embed of the report is made using the powerbi-client js library.

The problem is that I create the token with the attributes set to not allow the reports to go into edit mode, but when the configs of powerbi-client are set to permissions.All and ViewMode to Edit the reports still go into Edit mode...

 

code to generate token:

var tokenRequest = new GenerateTokenRequestV2(
    reports: new List<GenerateTokenRequestV2Report>() { new GenerateTokenRequestV2Report(reportId, allowEdit: false) },
...

Code on the front end:

 

 

reportLoadConfig = {
                type: "report",
                tokenType: models.TokenType.Embed,
                accessToken: embedParams.EmbedToken.Token,
                embedUrl: embedParams.EmbedReport[0].EmbedUrl,
                // Adding the view mode and permissions lines below will cause the report to go
                //  into edit mode even with the token set to editmode = false...
                viewMode: models.ViewMode.Edit,
                permissions: models.Permissions.All,
                // Enable this setting to remove gray shoulders from embedded report
                // settings: {
                //     background: models.BackgroundType.Transparent
                // }
            };

 

 

 

What could be the issue here? And what can I do to permanently disable edit mode on the frontend even when the powerbi-client config code is changed to allow edit?
Thank you all in advance!

 

Side notes:
- Keeping in mind the fact that any code on the frontend is not safe and can easily be manipulated: Considering the "embed for customers" scenario, why would you even be able to set the permissions on the frontend? Would it not be best practice for only the token to dictate what range of permissions the embed has?
And there are other considerations to this outside of setting permissions like, changing page navigation mode or showing errors, just to name a few...
Again maybe I'm missing something here. So please let me know your opinions on this topic.
All the best

4 REPLIES 4
v-yinliw-msft
Community Support

Hi @ZeDosDados ,

 

Please refer to the links below, which may help you.

Embed Token - Generate Token - REST API (Power BI Power BI REST APIs) | Microsoft Learn

FormDatasource.allowEdit(false) Does Not Work - Microsoft Dynamics AX Forum Community Forum

allowEdit not work in OnActivated (D365) - Dynamics 365 Finance Forum Community Forum

 

Hope this helps you.

 

Best Regards,

Community Support Team _Yinliw

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi @v-yinliw-msft 
Thank you for your reply.
Unfortunately I was not able to solve the problem.
Following the documentation to create embed token I proceeded to check the permissions set on the registered app with the service principal on Azure. There are only the options for the tenant (read/write.all) and nothing else.
I also tried changing from service principal to Master User, and in delegated permissions I was able to set (read.all) permissions for Reports, Dataset, workspace etc., and try out these combinations. Also the user account for master user being an admin for the workspace.
But still on the frontend, changing the powerbi-client configs I'm able to turn edit mode on...
What am I missing here?


 

yes -- this is definitely a problem -- we can control write access through the azure portal app settings delegated permissions and ultimately prevent a report from being edited  / saved as - but this doesn't prevent the user from going into edit mode in the browser... yes there is a soft control by setting the permissions in the embed config in javascript to View or Read, but anyone can run the following javascript in the console and change the properties of the embedded report and then go into edit mode. Why is this a problem despite them not being able to save the report? Because they can see all the tables in the report and this could be proprietary design -- easy to work out the data model from this.

 

The allowEdit parameter seems to do nothing here on the server-side 

GenerateTokenRequestV2Report(reportId, allowEdit: false)  

 

Here's the javascript you can run on the console and change your own "permissions"

 

const config2 = {
        type: 'report',
        tokenType: models.TokenType.Embed,
        accessToken: accessToken,
        embedUrl: embedUrl,
        id: embedReportId,
        permissions: models.Permissions.All,
        settings: {
            // Enable this setting to remove gray shoulders from embedded report
            // background: models.BackgroundType.Transparent,
            filterPaneEnabled: true,
            navContentPaneEnabled: true
        }
    };

    // Embed the report and display it within the div container.
    const report2 = powerbi.embed(reportContainer, config2);

    //now you can change the mode!
    report.switchMode("edit");

 

 

Is there any possible solution to this? Is this a properly known issue by the power bi team?
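
Since the posts above establish that the front-end `permissions` and `viewMode` values can be changed from the browser console, the token request is the only part a backend controls. As an added example (not code from any poster or from Microsoft), this check audits a V2 generate-token request body before it is sent; the function names, the 15-minute cap and the sample IDs are assumptions, and it does not change the edit-mode behaviour reported in this thread.

```javascript
// Added example: audit a V2 generate-token request body on the backend.
// Field names (reports[].allowEdit, targetWorkspaces, lifetimeInMinutes) follow the
// Power BI REST API request body; everything else here is hypothetical.
const MAX_LIFETIME_MINUTES = 15; // assumed policy value, not a Power BI default

function auditTokenRequest(body) {
  const findings = [];
  const reports = Array.isArray(body.reports) ? body.reports : [];
  if (reports.length === 0) findings.push("no reports listed");
  for (const r of reports) {
    // Require an explicit false; a missing or truthy allowEdit is flagged.
    if (r.allowEdit !== false) findings.push(`report ${r.id}: allowEdit is not false`);
  }
  // targetWorkspaces names workspaces the token may save to; view-only needs none.
  if (Array.isArray(body.targetWorkspaces) && body.targetWorkspaces.length > 0) {
    findings.push("targetWorkspaces present: token could save to a workspace");
  }
  const life = body.lifetimeInMinutes;
  if (!Number.isInteger(life) || life <= 0 || life > MAX_LIFETIME_MINUTES) {
    findings.push(`lifetimeInMinutes must be 1..${MAX_LIFETIME_MINUTES}`);
  }
  return findings;
}

// Builds the only request shape the audit accepts for a single report.
function buildViewOnlyRequest(reportId, datasetId) {
  return {
    reports: [{ id: reportId, allowEdit: false }],
    datasets: [{ id: datasetId }],
    lifetimeInMinutes: MAX_LIFETIME_MINUTES,
  };
}

// Constructed sample input (placeholder GUIDs).
const REPORT_ID = "00000000-0000-0000-0000-000000000001";
const DATASET_ID = "00000000-0000-0000-0000-000000000002";
const viewOnly = buildViewOnlyRequest(REPORT_ID, DATASET_ID);
const risky = {
  reports: [{ id: REPORT_ID, allowEdit: true }],
  datasets: [{ id: DATASET_ID }],
  targetWorkspaces: [{ id: "00000000-0000-0000-0000-000000000003" }],
};

console.log(auditTokenRequest(viewOnly));
console.log(auditTokenRequest(risky));
```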
