Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
Anonymous
Not applicable

Row-Level Security with Power BI Embedded and Azure Analysis Services

‎09-28-2017 02:28 AM

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

Labels:
Message 1 of 2
13,216 Views
0
1 ACCEPTED SOLUTION
Eric_Zhang
Employee
Employee

‎09-29-2017 02:43 AM
@Anonymous wrote:

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

@Anonymous

In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario Embedding with non-Power BI users (app owns data), you can pass roles and usersname at embed token creation. See Row-level security (RLS) with embedded analytics

View solution in original post

Message 2 of 2
13,925 Views
0
1 REPLY 1
Eric_Zhang
Employee
Employee

‎09-29-2017 02:43 AM
@Anonymous wrote:

We are looking at moving our Workspace Collection based Power BI Embedded reports into the new Power BI Premium model. We are also starting to leverage Azure Analysis Services with some of our reports.

 

One question we have which we can't find an answer for is whether Row Level Security still works in the same way with Power BI Premium embedding and specifically with Azure Analysis Services.

 

Currently, we have our own User Authentication module in our applications that use RLS by passing in a role and a non-AD username that is mapped in our data models and using RLS in PBI Desktop. However, from what I have read, when moving our model to Azure AS, the roles are defined in the AS model then AD members are added to these roles. Can anyone answer the question: is it possible to define roles and the corresponding DAX functions for these roles in AAS, then not add any members to these roles and instead pass in the Role and Username at the embed token creation point and for that to be passed to the AAS model and returned in the USERNAME() DAX function that is previously defined?

 

Please let me know if that doesn't make sense and I'll try a different way of explaining it!

 

Thanks!

@Anonymous

In import mode(opposite to live connection), the internal roles in AAS has nothing to do with the roles defined in Power BI desktop. In scenario Embedding with non-Power BI users (app owns data), you can pass roles and usersname at embed token creation. See Row-level security (RLS) with embedded analytics

Message 2 of 2
13,926 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All