Earn a 50% discount on the DP-600 certification exam by completing the Fabric 30 Days to Learn It challenge.
Hey guys.
I work with a web system where we use the PowerBI Premiun embedded solution.
In many tutorials, is necessary release the role "Global Administrator" for the Azure AD user that I use to generate the access token to my reports, however, I would not want to release this role as it gives a lot of power to the user.
Could you tell me what roles the Azure user really needs so I can use it with the embedded solution?
Solved! Go to Solution.
Hi @Interact,
Power BI embedded analytics offers two solutions:
Embed for your customers - Allows you to build a an app that uses non-interactive authentication against Power BI. Your customers are likely to be external users, and they don't need to sign in using Power BI credentials to view the embedded content. Typically, this solution is used by independent software vendors (ISVs) who are developing applications for third parties.
Embed for your organization - Allows you to build an app that requires signing in using Power BI credentials. Once signed in users can only consume embedded content they have access to on Power BI service. This solution is aimed at big organizations that are building an app for internal users.
From th official documentations below, neither of the above solutions specifically requires the account permission type to be Global Administrator. The following are the prerequisites for using either solution:
1. Embed for your customers: Embed Power BI content using a sample embed for your customers application
Your own Azure Active Directory tenant.
To authenticate your app against Power BI, you'll need one of the following:
Service principal - An Azure Active Directory (Azure AD) service principal object that allows Azure AD to authenticate your app.
Power BI Pro license - This will be your master user and your app will use it to authenticate to Power BI.
A Power BI Premium Per User (PPU) license - This will be your master user and your app will use it to authenticate to Power BI.
2. Embed for your organization: Embed Power BI content into an application for your organization
Your own Azure Active Directory tenant.
One of the following licenses:
For the discussions of this problem, you can also check out the replies from @GuyInACube in this thread below.
For Azure Support team: What permissions are required to generate a PBI Embedded token?
Best Regards
Hi @Interact,
Power BI embedded analytics offers two solutions:
Embed for your customers - Allows you to build a an app that uses non-interactive authentication against Power BI. Your customers are likely to be external users, and they don't need to sign in using Power BI credentials to view the embedded content. Typically, this solution is used by independent software vendors (ISVs) who are developing applications for third parties.
Embed for your organization - Allows you to build an app that requires signing in using Power BI credentials. Once signed in users can only consume embedded content they have access to on Power BI service. This solution is aimed at big organizations that are building an app for internal users.
From th official documentations below, neither of the above solutions specifically requires the account permission type to be Global Administrator. The following are the prerequisites for using either solution:
1. Embed for your customers: Embed Power BI content using a sample embed for your customers application
Your own Azure Active Directory tenant.
To authenticate your app against Power BI, you'll need one of the following:
Service principal - An Azure Active Directory (Azure AD) service principal object that allows Azure AD to authenticate your app.
Power BI Pro license - This will be your master user and your app will use it to authenticate to Power BI.
A Power BI Premium Per User (PPU) license - This will be your master user and your app will use it to authenticate to Power BI.
2. Embed for your organization: Embed Power BI content into an application for your organization
Your own Azure Active Directory tenant.
One of the following licenses:
For the discussions of this problem, you can also check out the replies from @GuyInACube in this thread below.
For Azure Support team: What permissions are required to generate a PBI Embedded token?
Best Regards