Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
fedebona
Frequent Visitor

Row Level Security to customized authentication

‎07-13-2020 10:36 AM

I have an instance of PBIRS on premises (May 2020). I implemented my own authentication and authorization libraries implementing  IAuthenticationExtension and IAuthorizationExtension.

I created a principal name called "everyone" allowing permissions to all users in the CheckAccess methods.

When I go to a report with RLS anyways it doesn't work and I get the following log

 

Exception of type 'Microsoft.PowerBI.ReportServer.WebApi.ASConnection.RlsNotAuthorizedForModelException' was thrown

 

Do I have to do something more? Is permission check for RLS different from the other ones?

Labels:
Message 1 of 4
1,631 Views
0
1 ACCEPTED SOLUTION
gboreki
Employee
Employee

‎07-15-2020 09:57 AM

Yes, checks for RLS are different since those are not server permissions. We don't have in our custom authentication interfaces the ability to determine if a user is part of a group, so group roles are unsupported with custom auth. Feel free to post this int he ideas forum to help the team prioritize the ask: https://ideas.powerbi.com/

 

Thanks

-Boreki

View solution in original post

Message 2 of 4
1,561 Views
0
3 REPLIES 3
gboreki
Employee
Employee

‎07-15-2020 09:57 AM

Yes, checks for RLS are different since those are not server permissions. We don't have in our custom authentication interfaces the ability to determine if a user is part of a group, so group roles are unsupported with custom auth. Feel free to post this int he ideas forum to help the team prioritize the ask: https://ideas.powerbi.com/

 

Thanks

-Boreki

Message 2 of 4
1,562 Views
0
Arklur
Resolver II
Resolver II
In response to gboreki

‎09-29-2020 03:05 AM

@gboreki 

 

Even though this is about custom auth, it seems that even with Basic it's not working. When we add a group to a role, a new login window popup comes up when someone in that group opens the report and it doesn't accept the 100% sure valid credentials (user/pwd). Works fine if we add specifically the user himself and not through the group. So can we say currently it's not possible to put groups into RLS roles, only users? If this is not supported, why is this even possible?

 

Why the docs says that you should be able to do this? https://docs.microsoft.com/en-us/power-bi/report-server/row-level-security-report-server

 

"Enter the user or group in the text box in the Username format (DOMAIN\user) and select the roles you wish to assign to them. The member has to be within your organization."

 

Are you sure it's working at all? If yes, any recommendations what could be the problem? What should we look for?

Message 3 of 4
1,450 Views
0
gboreki
Employee
Employee
In response to Arklur

‎09-29-2020 07:53 AM

Groups are supported for windows authentication. If you are seeing issues with that you should contact support so it can be investigated.

Message 4 of 4
1,425 Views

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All