Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Anonymous
Not applicable

Grant permission with embedded Power BI

Hello to all,

My scenario is this:

I would like to share a power BI report with non-Power BI users, such as with customers or members of my organization who do not use Power BI.

I created a sample application, with an access token for non-Power BI users (app owns data). I followed all the documentation available online, for example this content: https://docs.microsoft.com/en-us/power-bi/developer/get-azuread-access-token

 

It works! But I have a doubt.

Although I will implement a mechanism to allow access to the page only to authorized users, the user will have access to a web page containing javascript scripts. By displaying the source code, the user can obtain: object ID, token, report ID.
So if the user sent this information to another user, the last one could access the report with simple technical operations.
Even if I set a very short expiration time for the authentication token, there would always be this problem.

 

How could I make an embedded report by api really reserved for a single group of users?

1 ACCEPTED SOLUTION
v-micsh-msft
Employee
Employee

Personally I think this should be guaranteed through the Application authentication.

 

By the way, the users who have the rights to access the source code should be restricted.

 

Further, within Power BI Embedded, you could set up Row Level security:

Use row-level security with Power BI Embedded content

 

Regards,

Michael

 

 

View solution in original post

2 REPLIES 2
v-micsh-msft
Employee
Employee

Personally I think this should be guaranteed through the Application authentication.

 

By the way, the users who have the rights to access the source code should be restricted.

 

Further, within Power BI Embedded, you could set up Row Level security:

Use row-level security with Power BI Embedded content

 

Regards,

Michael

 

 

Anonymous
Not applicable

Thank you @v-micsh-msft!

 

Your answer clarified my ideas.
Through the application authentication it's possible to restrict access to whoever you want. In addition there are several mechanisms to prevent the reading of javascript code.
If all this is not enough, I could set up row Level security: in thise case the embedded tokens can be generated with permissions limited to a specific role.
Thanks so much!

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors