02-06-2019 05:46 AM
I am trying to implement row level security in Power BI Embedded downloaded code which has been downloaded from below URL.
I have found a solution which can be implemented in earlier version of Power BI reports code but that is not useful for me. Please find below URL for this.
I would seek your help to find a solution to implement Row Level Security in above code. I look forward for response on this. Thanks
02-10-2019 05:02 AM
Are you using the App-Owns-Data model or the User-Owns-Data model?
If you are suing the App-Owns-Data model you must generate an embed token with an EffectiveIdentity to map your user to a UserName and one or more roles. If you are using the User-Owns-Data and UserName is passed autoamtically and you must map each users to their RLS roles in the Power BI service.
In either case you can use dynamic RLS with a Users table and a UserPermissions table. Can you be more specific about what you are trying to accomplish?
02-11-2019 05:22 AM - edited 02-11-2019 05:23 AM
Thanks for your response.
I am using User-Owns-Data to implement my requirement.
I have successfully implemented displaying reports list based on workspace/group id and able to display report data when user click on particular report from the list. This is working as expected.
Now, I have to apply Row Level Security for the reports. i.e., based on the role of the user, report data to be filtered and only reports should be displayed based on filtered data. I have tried but didn't get a solution for this.
Please see below screenshot of code to give you an idea how I am getting access token from authentication result. I am using the access token to get reports list and to display individual report.
I think I need to make changes in code. But I would require your help to get this sorted. Thanks
02-11-2019 05:42 AM - edited 02-11-2019 05:43 AM
If you are using User-Owns-Data then there is much less work to do. When using App-Owns-Data you must programatically generate an embed code with the RLS roles inside. But with User-Owns-Data, all of RLS is configured external to your applation.
Here are the basic steps.
- Add RLS roles to your Power BI Desktop project
- Publish the Power BI Desktop project to an app workspace
- In the Power BI Service, configure the users and groups for each role.
- Use Power BI embedding using the Azure AD access token created for each user.
At this point, RLS should work and Power BI embedding should only display the data for each user based on the role(s) they are in. I think you should be able to accomplsh this without any changes to your current application.