Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
johninfant
New Member

[PowerBI Apps] - Current user credentials for the dataset

Hello everyone,

 

Good day to you all. 🙂

 

My client is interested in making use of PowerBI for its interactive dashboard capabilities, for our Dynamics 365 CRM implementation. As much as MS sells PowerBI as a powerful addon, there seem to be some significant problems in using it with D365 CRM as a complete replacement for CRM dashboards, or at least I feel so maybe because I am unaware of its capabilities.

 

The in-built dashboard functionality of CRM is based on the current user's security permissions. A record, for which the user was not authorized for viewing, will not be available on his dashboard. But these dashboards are not so interactive as PowerBI. Hence we want to replace them with PowerBI. Our approach is, the administrator creates a dashboard with some report tiles and publishes it as an app for organization use in PowerBI online. Users, say Sales Persons, will have to install this app, so they can use this dashboard inside CRM.

 

However, the problem is that the dashboard report's dataset is still using the administrator's credentials  (the one who designs the dashboard in the first place) for retrieving the data from CRM OData service. Hence the report for Sales Person is generated using the data available for Administrator and not the Sales Person himself. 

 

My question is, is it possible for the administrator to publish the app, without the dataset credentials or to force the users to change the dataset credentials when he installs the application.

1 ACCEPTED SOLUTION

@johninfant In order to apply RLS, you need to use the Desktop and connect to the CRM information in one of the support ways. Publish the report to the Service and share the report with the end users. When RLS is enabled, the user when accessing the report will be filtered to the context of information you want them to see based on your RLS rules.

 

What you describe is the author experiance, not what the end user sees. If you wanted every end user to use the content pack and oauth in then they would be limited to their view, but that would be a end user exercise... 

 

With RLS, the end user wouldn't need to do anything. They would be authenticated and filtered by your set up of RLS in the report model.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

View solution in original post

4 REPLIES 4

@johninfant As with any source of data, you lose the security context of the data when you extract it. This is the same for CRM. You lose the security context that is inherint in the application. You handle this by creating Row Level Security in the Power BI Model, hopefully you can use the same groups or have a mapping table from CRM that mirrors or allows you to easily replicate those levels of permissions. Using this method, the end user will be validated against your RLS and only see what they should have access to see.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

Hi @Seth_C_Bauer,

 

Thank you very much for your suggestion. I will definitely give that a try.

 

But I just want to confirm that it's not possible to force the user to enter the sign in credentials as soon as they install the app. When I install any CRM related content pack from AppSource, it allows me to configure the desired CRM Instance and OAuth2 credentials. Is it possible to mimic a similar behavior for internal organization apps?

 

Regards,

John

@johninfant In order to apply RLS, you need to use the Desktop and connect to the CRM information in one of the support ways. Publish the report to the Service and share the report with the end users. When RLS is enabled, the user when accessing the report will be filtered to the context of information you want them to see based on your RLS rules.

 

What you describe is the author experiance, not what the end user sees. If you wanted every end user to use the content pack and oauth in then they would be limited to their view, but that would be a end user exercise... 

 

With RLS, the end user wouldn't need to do anything. They would be authenticated and filtered by your set up of RLS in the report model.


Looking for more Power BI tips, tricks & tools? Check out PowerBI.tips the site I co-own with Mike Carlo. Also, if you are near SE WI? Join our PUG Milwaukee Brew City PUG

@Seth_C_Bauer, Then I think RLS is the way to go. Thanks for your reply. Will have to explore more on RLS. Man Happy 

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors