sam87
New Member

Power BI User Role Table

I have a requirement to grant users outside of a domain access to run reports.

 

1) Can we add new roles to the Role table in PowerBI DB tables?

2) Is there any other way to control access for external users who are not part of a domain?

4 REPLIES
Skeletor
Helper I

You'll need to set up custom authentication for users outside of the domain.

Here is the link to the custom security solution sample:

 

https://github.com/Microsoft/Reporting-Services/tree/master/CustomSecuritySample

 

If you follow the steps correctly you can be set up within an hour or less.

Use PowerShell to generate your own machine key; don't use the one in the sample.

 

You should probably also install a web certificate for the Report Server Service, and Report Server Web Portal.

 

You'll need to open firewalls between you and your external user on the port that the web portal is running on.

 

IMPORTANT NOTE: This removes active directory authentication. If anyone knows how to set up dual or fall back authentication, please reply.
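
The machine-key step mentioned in the reply above, as an added example that is not part of the original post or of Microsoft's sample. The function name and the default key sizes are assumptions of this example; paste the two values into the machine key element exactly as the sample's README lays it out.

```powershell
# Added example: generate fresh machine keys instead of reusing a published one.
# New-ReportServerMachineKey is a hypothetical name; key sizes are assumptions.
function New-ReportServerMachineKey {
    [CmdletBinding()]
    param(
        # 32 bytes = 256-bit decryption key (64 hex characters)
        [ValidateSet(16, 24, 32)][int]$DecryptionKeyBytes = 32,
        # 64 bytes = 512-bit validation key (128 hex characters)
        [ValidateRange(32, 64)][int]$ValidationKeyBytes = 64
    )

    # Cryptographic RNG; Get-Random is not suitable for key material.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $toHex = {
            param([int]$Count)
            $buffer = New-Object byte[] $Count
            $rng.GetBytes($buffer)
            # "AB-CD-EF" -> "ABCDEF"
            [System.BitConverter]::ToString($buffer) -replace '-', ''
        }
        $decryptionKey = & $toHex $DecryptionKeyBytes
        $validationKey = & $toHex $ValidationKeyBytes
    }
    finally {
        $rng.Dispose()
    }

    [pscustomobject]@{
        DecryptionKey       = $decryptionKey
        DecryptionKeyLength = $decryptionKey.Length
        ValidationKey       = $validationKey
        ValidationKeyLength = $validationKey.Length
    }
}

# Run once, store the output as a secret, and use the same pair on every
# node of a scale-out deployment so authentication cookies validate everywhere.
New-ReportServerMachineKey | Format-List
```

A key copied from a public repository is known to everyone, so anyone holding it can forge or decrypt the forms-authentication cookie the custom security extension issues.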

Anonymous
Not applicable

Is it possible to use this to prevent users logged into a website from viewing embedded reports by manipulating the iframe src?  How does an on-prem report server know which user has logged into an external website?

 

Example scenario.

 

  • 2 Reports are created on the report server.
    • Report A
    • Report B
  • Each of the 2 reports require different roles to view.
    • Access A
    • Access B
  • The reports are to be viewed by users on a website.  The reports are embedded in an iframe.
  • User A logs into the website and is greeted with an iframe with a src that defaults to the Report A url
  • User B logs into the website and is greeted with an iframe with a src that defaults to the Report B url
  • User B, while bored,
    • Decides to view the HTML page's source.
    • Changes the iframe's src value to the Report A url
    • The iframe loads Report A

 

Is it possible using an embedded iframe and an on-prem report server to prevent User B from viewing Report A?  How can the website tell the report server who is trying to view the report?

 

Thanks.

Willy,

 

I'm not aware of any way to manipulate the iframe src to manage permissions.

 

If you are using Windows authentication then yes, set permissions based on Windows authentication.

 

If you are using custom authentication for external users, then users have to log in with credentials that you set up and provide them. It's also possible to pass cookies and/or automatically detect which user is grouped into which access group, report A or report B, and then have those credentials automatically entered by the application into the form. If they change URLs, that custom account won't have access to the other report, as long as you don't give it permissions on that one in PBIRS.

davidherc
New Member

Thanks for posting this, my team is also looking for help on this.  
