power bi RLS doesn't render filtered report while ...

Sanjana · ‎09-09-2019

I have ceated a report with RLS and have created a test role, added member and applied DAX filter. While viewing it as test role on power bi desktop it returns the filtered row values but while calling it from application using the embedded token with effective identity it returns the all/complete rows instead of filtered rows. Below is the code for token generation

Report report = client.Reports.GetReportInGroup(groupId, reportId);
                Dataset reportDataset = client.Datasets.GetDatasetByIdInGroup(groupId, report.DatasetId);
                if(reportDataset.IsEffectiveIdentityRolesRequired==true)
                {
                    generateTokenRequestParameters = new GenerateTokenRequest("view", null, identities: new List<EffectiveIdentity> { new EffectiveIdentity(username: userName, datasets: new List<string> { report.DatasetId }, roles: rolesList) });
                }
                else
                {
                    generateTokenRequestParameters = new GenerateTokenRequest("view");
                }
                token = await client.Reports.GenerateTokenInGroupAsync(groupId, reportId, new GenerateTokenRequest());
                return token;

Please suggest what should i do to get the filtered row values

Jayendran · ‎09-10-2019

Hi Sannjana,

Are your correctly passing the username and roleslist ?

Please include some additional conditions

if (datasets.IsEffectiveIdentityRolesRequired == true)
                    {
                        if (username != null && rolesList != null && rolesList.Count()>0)
                        {
                            generateTokenRequestParameters = new GenerateTokenRequest("view", null, identities: new List<EffectiveIdentity> { new EffectiveIdentity(username: userName, datasets: new List<string> { report.DatasetId }, roles: rolesList) });
                        }

Also please see the official document reference

https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#applying-user-and-ro...

Sanjana · ‎09-10-2019

@Jayendran yes I am passing the username and roleslist, even i have tested with static values for roles and username but the result was the same. The Power BI tenant and Organization tenant I am using are different active directories and I am using Service account for authentication and the username passed is different can this be the issue for it?

Although all the documentation available states that the username and role are mandatory. Is there any roadmap where we can avoid adding members to the roles and only passing role would workout.

Thanks!

Jayendran · ‎09-13-2019

Hi @Sanjana

What do you mean by Organization tenant and PowerBI Tenant are different ?

The Service Account for autentication is for PowerBI Embedded and the username passed for the RLS , so this doesn't cause the issue (Even though it's same or diffferent ,it doesn't matter at all)

For you other question regarding the roles and users, without assigning a specific role to a specific user what will the purpose of RLS ? By keeping only role how could you tell that this role is assigned to this group of members ?

power bi RLS doesn't render filtered report while using embed token with effective identity

Helpful resources

Microsoft Fabric Learn Together

Power BI Monthly Update - April 2024

Fabric Community Update - April 2024