Anonymous

Power BI Embedded - Leverage Application Security in Reports

Overall premise

Our product is built using a microservices architecture leveraging the Azure stack, such as Service Fabric, Cosmos DB, Azure API Management, and an SPA using React, etc. We also leverage concepts like composite services. Security is provided using Azure Active Directory B2C. A JWT token is generated by AD and passed on to the backend service. Authorization logic will be built inside the service; the authorization logic is complex, factoring in many application-specific details.

 

Reporting solution thought: For reporting, we have finalized Power BI Embedded as we wanted to build reports quickly. The data source for Power BI will be backend REST services, specifically built for reports. One report, one service. We will keep adding services as per report requirements. Services will have inbuilt authorization like other backend services. We want to leverage the JWT token and existing authorization logic inside the services to manage data security. The user interface will request Power BI, and then Power BI should call our backend service and send back the report with the latest data; data access should be controlled by the existing JWT token and authorization logic.

 

Current status

We have selected a subscription report for cementing our concept. The backend API required for this report (data source) will look like https://comm.azure-api.net/peo/api/Subscriptions/. This becomes the data source for Power BI. This API does have inbuilt logic for authorization, which checks for data access permission factoring in tenant, user, other application specifics, etc.

 

We have built the overall solution using the app-owns-data approach, since we don't want our end users to invest in a Power BI license. Any user should be able to access reports without any Power BI account.

 

We have followed the following article to accomplish this.

https://www.taygan.co/blog/2018/05/14/embedded-analytics-with-power-bi

Only, instead of Azure Functions, we have used Service Fabric, as we have already invested in it.

 

Now, the issue is that we couldn't find a way to leverage the existing data security implementation, i.e. the JWT token and authorization logic, while accessing the Power BI report. We want to use the same user permissions for reports as we use in the application.

 

Experts, please suggest an approach to tackle this.

 

1 REPLY
luisrh
Responsive Resident

I would accomplish this using the dynamic security approach, which has been used with Analysis Services for many years.

The approach is straightforward. You must create a security dimension with user names as well, tied to the entities you want to secure. DAX leveraging CustomData can allow you to set the user identity and then return just the data for the user based on their security grants (the data refreshes would update any new entity security you may have set, to keep the model up to date).

Please look at the post below, which suggests how it can be done. This relates to SSAS, but you can also do this through a Power BI model (which internally is using SSAS Tabular for the model).

https://www.kasperonbi.com/dynamic-security-made-easy-with-ssas-2016-and-power-bi/

 

Good luck!

Luis

 

If you find this answers your question, you may wish to mark it as solved to allow other users to quickly find the answer.
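One way to connect the application's JWT to the dynamic-security model suggested in the reply above, in the app-owns-data flow from the question (an added example, not code from the thread or from the linked articles): the backend maps the already-verified token claims to the effective identity sent in the Power BI GenerateToken request, so the role filter in the model sees a user and tenant the browser cannot choose. The role name `DynamicSecurity`, the claim name `extension_TenantId` and the sample ids are assumptions; signature, issuer and audience checks are assumed to happen upstream.

```python
import json
import time

# Hypothetical names: the RLS role defined in the Power BI model, and the
# B2C custom claim that carries the application tenant.
RLS_ROLE = "DynamicSecurity"
TENANT_CLAIM = "extension_TenantId"


class IdentityError(ValueError):
    """Raised when verified claims cannot be mapped to a report identity."""


def effective_identity(claims, dataset_id, now=None):
    """Map already-verified JWT claims to a Power BI effective identity.

    Assumes signature, issuer and audience were checked upstream; this
    function enforces expiry and the presence of the values that the
    model's security dimension filters on.
    """
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise IdentityError("token expired")
    user = claims.get("oid") or claims.get("sub")
    tenant = claims.get(TENANT_CLAIM)
    if not user or not tenant:
        # Fail closed: never fall back to an unfiltered embed token.
        raise IdentityError("missing user or tenant claim")
    return {
        "username": str(user),      # read by USERNAME() in the role filter
        "customData": str(tenant),  # read by CUSTOMDATA() in the role filter
        "roles": [RLS_ROLE],
        "datasets": [dataset_id],
    }


def generate_token_body(claims, dataset_id, now=None):
    """Request body for the GenerateToken REST call, view access only."""
    return {"accessLevel": "View",
            "identities": [effective_identity(claims, dataset_id, now)]}


if __name__ == "__main__":
    # Constructed sample claims and dataset id.
    sample = {"oid": "user-123", TENANT_CLAIM: "tenant-a", "exp": 2_000_000_000}
    body = generate_token_body(sample, "dataset-0001", now=1_700_000_000)
    print(json.dumps(body, indent=2))
```

The identity is built only from server-side claims; any user or tenant value arriving as a query parameter or request body field from the SPA is ignored.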

 

 

 

 

 

 

 

 

 

 

 
