cancel
Showing results for 
Search instead for 
Did you mean: 

Embedded dashboards don't show security exceptions

Hi,

Users have reported getting blank gray screen when trying to view a dashboard they don't have access to.

 

The same code works fine if there is access, so tokens are passed correctly. However, when the user doesn't have access, they just get gray background. The following error is shown in F12 tools:

 

Request URL:https://df-foo-bar-redirect.analysis.windows.net/metadata/embed/dashboard/1234-1234-1234...
Request Method:GET
Status Code:401 Unauthorized

Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJS

But the iframe is just gray after that with no message to the user.

 

Feek free to contact me under arsaveli MS alias

Status: Accepted
Comments
Super Contributor

@arsaveli

 

This should be a desired behaviour when you don't have access to view a dashboard. You can create an idea in https://ideas.powerbi.com.

 

Best Regards,
Herbert

Frequent Visitor

@v-haibl-msftyet the error experience when visiting this dashboard using the URL (not embedding) is different and says that dashboard hasn't been shared with me.

"Sorry, you do not have permission to view this dashboard. If you would like to access this dashboard, please submit a request"

this is a clear inconsistency, and looks like a bug to the end user.

Super Contributor

@arsaveli

 

I’ve reported it internally to Power BI Team to confirm about it: CRI 46002369
I’ll post here once I get any update about it.

 

Best Regards,
Herbert

Established Member
Status changed to: Accepted
 
Super Contributor

@arsaveli

 

I’ve got response from the Product Team.

 

This is a gap we are aware of and we’ll handle it with priority. As a mitigation, the IFrame posts loadDashboard event to the hosting app and there should be an indication for the failure such that the application owner can provide his own customized message (until the gap will be fixed). Please refer to our live sample tool for an example: https://microsoft.github.io/PowerBI-JavaScript/demo/v2-demo/index.html.

 

Best Regards,
Herbert