Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
I have Power BI Embedded App-Owns data scenario where I have a report configured for Row Level Security, and the report shows different data based on the some of filter parameters I passed from client side.
When client requests report (request generated from client facing website), server side code generates Embed token (this would be server-to-server call => from my server to PowerBi Service, no data from client space passed to PowerBi Service). I am using PowerBi API to generate Embed token for certain ReportID and DataSet and authentication is taken care correctly. Now this Embed token is passed to client space and there I am using EmbedConfig to embed report. Something like below:
const filter = { $schema: "http://powerbi.com/product/schema#basic", target: { table: "table name", column: "Organization" }, operator: "In", values: ["SomefilterValue"] }; var config = { type: 'report', tokenType: models.TokenType.Embed, accessToken: accessToken, embedUrl: embedUrl, id: embedReportId, permissions: models.Permissions.Read, settings: { filterPaneEnabled: true, navContentPaneEnabled: false } };
However, my major concern is in client-side JavaScript scenario. If I am a bad actor, I can just use Chrome developer tools (or Fiddler, or whatever) to get Embed Token. Once I have that embed token, I can use PowerBi Embed Playground and pass various filter parameters. I am really stuck at this point, I think, I am missing something.
I implmented everything according to : https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-sample-for-customers
User | Count |
---|---|
15 | |
2 | |
1 | |
1 | |
1 |
User | Count |
---|---|
18 | |
11 | |
5 | |
4 | |
3 |