We have a problem where the USERNAME() is being cached when two users are using power bi embedded at the same time. This has only started happening recently. Its is causing the RLS to break and each user will see the other users data.Please can it be looked at, it is breaking RLS
Seems like could not reproduce it in my side as far as my test.
Have you tried to use different browsers like Chrome, Edge etc. or use the inprivate mode to check this issue again.
If this issue still happens, you can consider sharing more details about it.
Best Regards,Community Support Team _ Yingjie Li
Thanks for the reply.
We are able to replicate it now, we are generating a token and passing it to microsoft for embedding the power bi report, but the report is using someone elses token when being viewed.
usually its the token of the person who either last viewed it or viewed it a few minutes ago.
This has only started happening at the end of last week, it is breaking our user based RLS.
Please can it be investigated? Usually takes 2 or 3 refreshes to pick up someone elses credentials
Just to confirm this has been working fine for 3 or 4 years prior to this, however we cant replicate it in the sandbox, only on our system
We are attempting to quickly re-write it in React, preliminary testing was successful and we couldnt replicate it, but could easily before.
Have you been able to replicate it in the sandbox environment? https://playground.powerbi.com/en-us/
As you say Microsoft are aware and looking into it, please let us know if you have a solution.
Thanks for the reply, what mechanism did you use for the failsafe? Sounds like a sensible idea
As a failsafe, we added a visual to every report page that would display CUSTOMDATA() (which is what we use for identifying users, you would probably use USERNAME()). As we're embedding the reports in an Electron app, we're able to break into the embedded iframe, grab the actual rendered content of that visual and verify it against the user context that we expect in the app. If it doesn't match, it aborts the load, boots the user, and we get panic alarms to intervene.
We hoped that failsafe would just be a precaution, but alas - it did trigger, so now we're also offline.
Did you manage to resolve the problem? After the React.js re-write we couldnt replicate and havent had any instances of the fail-safe triggering.
I'm sure you have, but just interested in how it resolved in the end?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.