Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
PallaviKGVG
Helper I
Helper I

Row level security with multiple roles

‎07-11-2018 10:24 PM

Hi,

 

I have a report built and pushed on to power bi service. When i am embeding the report using Azure AD, i want to get a report filtered with the clientid and locationid which can be dynamic value.

Currently, i am getting the report which filtered with client id where i am using row level security role as 'Dispensary' and filter as clientid=USERNAME() on mange roles. Since, where i use to generate token on webapplication by passing username as client id and roles as ["Dispensary"] but , now i have another condition comes in where i have to get a report based on codition that is locationid and clientid . 

 

 How can i achieve this?

 

Thanks in advance.

Pallavi K

Labels:
Message 1 of 11
6,645 Views
0
10 REPLIES 10
v-jiascu-msft
Employee
Employee

‎07-12-2018 11:51 PM

Hi Pallavi,

 

It seems your embedded mode is "App Owns Data". Please refer to developer/embedded-row-level-security.

1. I would suggest you create two roles based on locationid and clientid. One role is also good if the two fields can be combined.

{
    "accessLevel": "View",
    "identities": [
        {
            "username": "EffectiveIdentity",
            "roles": [ "Role1", "Role2" ],
            "datasets": [ "fe0a1aeb-f6a4-4b27-a2d3-b5df3bb28bdc" ]
        }
    ]
}

2. If not for the sake of security, I would suggest you use slicers to make the two fields dynamic. 

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 11
6,592 Views
0
PallaviKGVG
Helper I
Helper I
In response to v-jiascu-msft

‎07-13-2018 12:40 AM

Thank you v-jiascu-msft.

 

Currently, for generatingtoken with single role i am passing the post request body as 

$clientid = "2";

{
"accessLevel": "View",
"identities": [
{
"username": $clientid ,
"roles": [ "Client" ],
"datasets": [ "9b61d620-e6ac-41fc-b2c9-3f1d89241a03" ]
}
]
}

 

Another field that comes in now is 

$location = "3";//Can be multiple location under client

 

Note: I may have multiple location under single client [under client 2 i may have location id 2,3,4 etc] and i have 2 different table called Clients and Locations. 

 

In Bi desktop i have Client role created as client_id = USERNAME(); (I have duplicated client id column as string)

How i can pass the location for username property of identities, where it takes single value?

What can be done at the power bi desktop to create the roles for both clients and locations ?

 

 

Thanks and regards

Pallavi

Message 3 of 11
6,589 Views
0
v-jiascu-msft
Employee
Employee
In response to PallaviKGVG

‎07-22-2018 06:19 AM

Hi @PallaviKGVG,

 

Could you please mark the proper answer as a solution?

 

Best Regards,
Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 5 of 11
6,558 Views
0
PallaviKGVG
Helper I
Helper I
In response to v-jiascu-msft

‎08-07-2018 03:15 AM

Hi @v-jiascu-msft,

 

The issue is no yet solved.

I need to get a report as such where client_id = 2 and location_id =1  (Single client may have different locations). When i want to render a report , where the location_id is only 1. 

 

reffer image for the relationship.

 

query21.JPG

 

So, How i can achive that?

The client and locationid can be dynamic. As 'username' in identities takes only single value where can i pass location_id like just 1?.

How my role level security created at the desktop?

 

In the above solution, when i create the role as such, i wil get a report for that particular client and all locations under that client. But, in this case i need a single location that is under client, i mean to say that location id and client id is send to the api at the time of embedding in the webapplication.

 

something like this ?

 

$clientid = "2";

{
"accessLevel": "View",
"identities": [
{
"username": $clientid ,$location_id
"roles": [ "Client","Location" ],
"datasets": [ "9b61d620-e6ac-41fc-b2c9-3f1d89241a03" ]
}
]
}

 

 

If their is something to solve this issue is very helpfull.

 

Thank you

Pallavi

Message 6 of 11
6,526 Views
0
PallaviKGVG
Helper I
Helper I
In response to PallaviKGVG

‎08-13-2018 12:45 AM

Hi, any updates on the above issueSmiley Sad

 

Thank you

Pallavi

Message 7 of 11
6,505 Views
0
v-jiascu-msft
Employee
Employee
In response to PallaviKGVG

‎08-13-2018 02:49 AM

Hi Pallavi,

 

Do you do this for security? The RLS roles in this scenario are PRE-defined. We just bind them with users. So there isn't something like "client_id = 2 and location_id =1" when we apply RLS. There is only Role1 or Role2. The rules of Role1 is client_id = 2 and location_id =1". If you want some data of where the location_id is only 1, there will be a role, let's call it Role 3, with rules "location_id = 1". Please give it a try.

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 8 of 11
6,500 Views
0
PallaviKGVG
Helper I
Helper I
In response to v-jiascu-msft

‎08-13-2018 05:47 AM

Thank you Dale,

 

I understand the solution(The rules of Role1 is client_id = 2 and location_id =1". If you want some data of where the location_id is only 1, there will be a role, let's call it Role 3, with rules "location_id = 1"). 

 

But, i cannot hardcode the location id and client id in role(like "location_id = 1" and client_id = 2), where i am embeding the report into web application, i won't be knowing which client and location user logged in to application(Location and client id is dynamic always).

 

When i logged in to web application and when the reports rendered through power bi rest api,  i should be seeing only respective client and respective location report data.

 

I have rised this question with respect to report embed on webapplication.

 

Thank you

Pallavi

Message 9 of 11
6,497 Views
0
Anonymous
Not applicable
In response to PallaviKGVG

‎12-17-2018 10:32 AM

Was there any solution to this. I am having an extremely similar issue in my company right now.

Message 11 of 11
2,702 Views
0
v-jiascu-msft
Employee
Employee
In response to PallaviKGVG

‎08-13-2018 06:45 PM

Hi Pallavi,

 

Let's make the scenario clearer first. 

 

Is it the "App Owns Data"? If so, there is only one PBI account. Let's assume it as "Admin". 

 

So PBI will always get requests from "Admin". How can it know which client_id it is? That's why the roles are here. PBI Service doesn't need to know who logged in. If the application request contents of "role1", the PBI Service will return the contents of "role1". 

 

How could it be that "Location and client id is dynamic always"? Client 1 has location 1 this time while client 1 will have location 2 next time?

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 10 of 11
6,487 Views
0
v-jiascu-msft
Employee
Employee
In response to PallaviKGVG

‎07-13-2018 01:15 AM

Hi Pallavi,

 

We can set many rules for one role at the same time. So we can only create one role for your scenario. Please refer to the snapshot below.

Row_level_security_with_multiple_roles

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 4 of 11
6,582 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All