cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
New Member

How to implement Row Level Security in Power BI Embedded?

I am trying to implement row level security in Power BI Embedded downloaded code which has been downloaded from below URL.

https://github.com/Microsoft/PowerBI-Developer-Samples/tree/master/User%20Owns%20Data/integrate-repo...


I have found a solution which can be implemented in earlier version of Power BI reports code but that is not useful for me. Please find below URL for this.

https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security

I would seek your help to find a solution to implement Row Level Security in above code. I look forward for response on this. Thanks

 

 

5 REPLIES 5
Highlighted
New Member

Re: How to implement Row Level Security in Power BI Embedded?

Hi,

 

I hardly require help to sort this out. Can anyone respond on this. Thanks

Highlighted
Microsoft
Microsoft

Re: How to implement Row Level Security in Power BI Embedded?

Are you using the App-Owns-Data model or the User-Owns-Data model?

 

If you are suing the App-Owns-Data model you must generate an embed token with an EffectiveIdentity to map your user to a UserName and one or more roles. If you are using the User-Owns-Data and UserName is passed autoamtically and you must map each users to their RLS roles in the Power BI service.

 

In either case you can use dynamic RLS with a Users table and a UserPermissions table. Can you be more specific about what you are trying to accomplish?

Highlighted
New Member

Re: How to implement Row Level Security in Power BI Embedded?

Thanks for your response.

 

I am using User-Owns-Data to implement my requirement.

 

I have successfully implemented displaying reports list based on workspace/group id and able to display report data when user click on particular report from the list. This is working as expected.

 

Now, I have to apply Row Level Security for the reports. i.e., based on the role of the user, report data to be filtered and only reports should be displayed based on filtered data. I have tried but didn't get a solution for this.

 

Please see below screenshot of code to give you an idea how I am getting access token from authentication result. I am using the access token to get reports list and to display individual report.

 

Lines of code to get Access TokenLines of code to get Access TokenCode to get reports list using generated Access TokenCode to get reports list using generated Access TokenCode to get selected report data using generated Access TokenCode to get selected report data using generated Access Token

I think I need to make changes in code. But I would require your help to get this sorted. Thanks

 

Highlighted
Microsoft
Microsoft

Re: How to implement Row Level Security in Power BI Embedded?

If you are using User-Owns-Data then there is much less work to do. When using App-Owns-Data you must programatically generate an embed code with the RLS roles inside. But with User-Owns-Data, all of RLS is configured external to your applation.

 

Here are the basic steps.

  1. Add RLS roles to your Power BI Desktop project
  2. Publish the Power BI Desktop project to an app workspace
  3. In the Power BI Service, configure the users and groups for each role.
  4. Use Power BI embedding using the Azure AD access token created for each user.

At this point, RLS should work and Power BI embedding should only display the data for each user based on the role(s) they are in. I think you should be able to accomplsh this without any changes to your current application.

Highlighted
Helper II
Helper II

Re: How to implement Row Level Security in Power BI Embedded?

@TedPattison  - What should be the solution for Apps Own Data Scenario? I'm also facing the similar problem with my embedded reports. Embedding works as expected but not the Row level security. Here is my scenario - 

 

1. Data Source - SQL Server On-premise

2. Dynamic RLS is configued in Power BI Desktop

3. Published Reports to Premium Capacity, upgraded Workspace

4. Embedded Solution - Apps Own Data using JavaScript (used GenerateToken method)

5. Added EffectiveIdentity as below in the JavaScript GenerateToken Call.

 

{
    "accessLevel": "View",
    "identities": [
        {
            "username": "EffectiveIdentity",
            "roles": [ "Role1", "Role2" ],
            "customData": "MyCustomData",
            "datasets": [ "fe0a1aeb-f6a4-4b27-a2d3-b5df3bb28bdc" ]
        }
    ]
}

 

 

What am I missing here? Thank you! 

Helpful resources

Announcements
Community Blog

Community Blog

Visit our Community Blog for articles, guides, and information created by fellow community members.

Using the Community

Using the Community

Need help with the Power BI Community? Our 'Using the Community' support articles are a great place to start.

Community Summit North America

Community Summit North America

Innovate, Collaborate, Grow. The top training and networking event across the globe for Microsoft Business Applications

Power Platform 2020 release wave 2 plan

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors