Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
Hello everyone,
Good day to you all. 🙂
My client is interested in making use of PowerBI for its interactive dashboard capabilities, for our Dynamics 365 CRM implementation. As much as MS sells PowerBI as a powerful addon, there seem to be some significant problems in using it with D365 CRM as a complete replacement for CRM dashboards, or at least I feel so maybe because I am unaware of its capabilities.
The in-built dashboard functionality of CRM is based on the current user's security permissions. A record, for which the user was not authorized for viewing, will not be available on his dashboard. But these dashboards are not so interactive as PowerBI. Hence we want to replace them with PowerBI. Our approach is, the administrator creates a dashboard with some report tiles and publishes it as an app for organization use in PowerBI online. Users, say Sales Persons, will have to install this app, so they can use this dashboard inside CRM.
However, the problem is that the dashboard report's dataset is still using the administrator's credentials (the one who designs the dashboard in the first place) for retrieving the data from CRM OData service. Hence the report for Sales Person is generated using the data available for Administrator and not the Sales Person himself.
My question is, is it possible for the administrator to publish the app, without the dataset credentials or to force the users to change the dataset credentials when he installs the application.
Solved! Go to Solution.
@johninfant In order to apply RLS, you need to use the Desktop and connect to the CRM information in one of the support ways. Publish the report to the Service and share the report with the end users. When RLS is enabled, the user when accessing the report will be filtered to the context of information you want them to see based on your RLS rules.
What you describe is the author experiance, not what the end user sees. If you wanted every end user to use the content pack and oauth in then they would be limited to their view, but that would be a end user exercise...
With RLS, the end user wouldn't need to do anything. They would be authenticated and filtered by your set up of RLS in the report model.
@johninfant As with any source of data, you lose the security context of the data when you extract it. This is the same for CRM. You lose the security context that is inherint in the application. You handle this by creating Row Level Security in the Power BI Model, hopefully you can use the same groups or have a mapping table from CRM that mirrors or allows you to easily replicate those levels of permissions. Using this method, the end user will be validated against your RLS and only see what they should have access to see.
Hi @Seth_C_Bauer,
Thank you very much for your suggestion. I will definitely give that a try.
But I just want to confirm that it's not possible to force the user to enter the sign in credentials as soon as they install the app. When I install any CRM related content pack from AppSource, it allows me to configure the desired CRM Instance and OAuth2 credentials. Is it possible to mimic a similar behavior for internal organization apps?
Regards,
John
@johninfant In order to apply RLS, you need to use the Desktop and connect to the CRM information in one of the support ways. Publish the report to the Service and share the report with the end users. When RLS is enabled, the user when accessing the report will be filtered to the context of information you want them to see based on your RLS rules.
What you describe is the author experiance, not what the end user sees. If you wanted every end user to use the content pack and oauth in then they would be limited to their view, but that would be a end user exercise...
With RLS, the end user wouldn't need to do anything. They would be authenticated and filtered by your set up of RLS in the report model.
@Seth_C_Bauer, Then I think RLS is the way to go. Thanks for your reply. Will have to explore more on RLS.