cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Power BI Embedded - Leverage Application Security in Reports

Overall premise

Our product is built using microservices architecture leveraging azure stack like service fabric, comsosdb, azure API management and SPA using React etc. We do leverage concept like composite services also. Security is provided using azure active directory b2c. JWT Toekn is generated by AD and passed on to backend service. Authorization logic will be built inside the service  , authorization logic is complex - factoring many application specific details. 

 

Reporting Solution thought - For reporting , we have finalized power bi embedded as we wanted to build reports quickly. Data source for power bi will be backend REST services , specifically built for reports. One report - one service. We will keep on adding services as per report requirements. Services will have inbuilt authorization like other backend services . We want to leverage JWT Token and existing authorization logic inside services to manage data security. User interface will  request power bi and then power bi should call our backend service and send back report with latest data ; data access should be controlled by existing JWT token and authorizations logic. 

 

Current status

We have selected a subscription report for cementing our concept . The Backend api required for this report  (Data source) will look like https://comm.azure-api.net/peo/api/Subscriptions/.  This becomes data source for power bi. This API do have inbuilt logic for authorization which check for data access permission factoring tenant , user, other application specifics etc.

 

We have built overall solution using app owns data approach ; since we don't want our end users to invest on powerbi license. Any user should be able to access reports without any power bi account.

 

We have followed following article to accomplish this.

https://www.taygan.co/blog/2018/05/14/embedded-analytics-with-power-bi

Only instead of Azure functions here ; we have used service fabric as we already invested on it.

 

Now , issue is we couldn't find a way to leverage existing data security implementation i.e. JWT Token and authorization logic while accessing power bi report. We want to use same user permissions as we do use in application for reports also.

 

Expert do suggest approach to tackle this.

 

1 REPLY 1
Highlighted
luisrh Helper V
Helper V

Re: Power BI Embedded - Leverage Application Security in Reports

I would accomplish this using Dynamic security approach which has been used with analysis services for many years.

The approach is straightforward.  You must create a security dimension with user names as well tied to entities you want to secure.   DAX leveraging  CustomData can allow you to set the user identity and then return just the data for the user based on their security grants (the data refreshes would update any new entity security you may have set to keep model up to date).

Please look at the post below that suggest how it can be done.    This relates to SSAS,  but you can also do this thru a Power BI model (which internally is using SSAS Tabular for model).

https://www.kasperonbi.com/dynamic-security-made-easy-with-ssas-2016-and-power-bi/

 

Good luck!

Luis

 

If you find this answers your question,  you may wish to mark as solved to allow other users to quickly find answer.

 

 

 

 

 

 

 

 

 

 

 

Helpful resources

Announcements
New Ranks Launched March 24th!

New Ranks Launched March 24th!

The time has come: We are finally able to share more details on the brand-new ranks coming to the Power BI Community!

‘Better Together’ Contest Finalists Announced!

‘Better Together’ Contest Finalists Announced!

Congrats to the finalists of our ‘Better Together’-themed T-shirt design contest! Click for the top entries.

Arun 'Triple A' Event Video, Q&A, and Slides

Arun 'Triple A' Event Video, Q&A, and Slides

Missed the Arun 'Triple A' event or want to revisit it? We've got you covered! Check out the video, Q&A, and slides now.

Join THE global Microsoft Power Platform event series.

Join THE global Power Platform event series.

Attend for two days of expert-led learning and innovation on topics like AI and Analytics, powered by Dynamic Communities.

Community Summit North America

Community Summit North America

Innovate, Collaborate, Grow. The top training and networking event across the globe for Microsoft Business Applications

Top Solution Authors