Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Hello.
I have a question that might be my problem of understanding power bi embeded security.
I managed to create own app application using power bi embedded A1 capacity with Azure Analysis Service cube as data source and RLS.....
For ISV sharing (with my customers) I use a Native Azure AD app for OAUTH autentication using single master Service account on AD. I Also use Azure key valut to get such user account so it is not part of the application code.....
All work fine and I get the report open in browser.
I applied Javascript Filter to the report and it also work fine.
My concern is >
when I do view source for the html page I can see the access token variable together with report id... and the java script filter.
with all 3 variables what will prevent a customer from taking the access token to write his own html, but will change the java script filter to something else (another customer name).
I tried it myself taking the access token and report Id from my app and put it in this demo site page https://microsoft.github.io/PowerBI-JavaScript/demo/v2-demo/index.html#
and I got the full report with no filters.
Solved! Go to Solution.
So, If I create a Power BI Report for my customers, and I have hundreds of customers, do I need to create hundreds of roles and tokens?
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.
User | Count |
---|---|
13 | |
2 | |
2 | |
1 | |
1 |