Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
differHelp
New Member

Errors getting embed tokens with row level security

‎01-25-2022 04:40 AM

Hello

 

I am trying to implement Row Level Security (RLS) with Power BI Embedded (App Owns Data). I have tried watching a video from Guy In A Cube and reading the following documentation:

https://www.youtube.com/watch?v=yNF-_l2f7w0

https://docs.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security

 

When using the sample program from Guy In A Cube (https://github.com/guyinacube/Embed-API-Sample/tree/master/EmbedAPISample) to generate embed tokens i get the following error:

Microsoft.Rest.HttpOperationException: Operation returned an invalid status code 'Forbidden'
at Microsoft.PowerBI.Api.ReportsOperations.<GenerateTokenInGroupWithHttpMessagesAsync>d__32.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.PowerBI.Api.ReportsOperationsExtensions.<GenerateTokenInGroupAsync>d__87.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.PowerBI.Api.ReportsOperationsExtensions.GenerateTokenInGroup(IReportsOperations operations, Guid groupId, Guid reportId, GenerateTokenRequest requestParameters)
at EmbedAPISample.Program.Main(String[] args) in C:\Embed-API-Sample-master\Embed-API-Sample-master\EmbedAPISample\Program.cs:line 60

 

I have two Power BI reports hosted in a "Premium per Capacity" licensed workspace ("new workspace") - one report with RLS and roles and one without. I the same (very similar) error for both reports (setting the useRLS variable to false for the report without RLS).

 

I am using a service principal (Azure AD app) and have inputed/edited the following in the sample program:

  • Program.cs:
    • tentantId
    • groupId
    • datasetId (testing with both datasets/reports)
    • reportId (testing with both datasets/reports)
    • username (for EffectiveIdentity rls variable)
    • added the rolename to rolesList (identical to the rolename i have in my Power BI report)
  • Secrets.cs:
    • ClientID
    • ClientSecret

 

My application have access to the following APIs:

differHelp_0-1643108936546.png

 

Any ideas as to what might cause the error?

Labels:
Message 1 of 2
285 Views
0
1 REPLY 1
V-lianl-msft
Community Support
Community Support

‎01-27-2022 05:25 PM

Hi @differHelp ,

 

Usually Forbidden error indicates the registered app doesn't have suffiecient permission, please check premissions in

azure portal. For other issues, to have a better troubleshooting, please add try..catch block to get more detailed error information.

 

Best Regards,
Liang
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 2 of 2
227 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All