Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
I am not able to see Service Principal when trying to add a new member in Row Level Security.
Is it possible to add Service Principal in the screen below:
Solved! Go to Solution.
Hi @acbg
I don't find any documents how to add service principal in row level security.
It is said that :
To get started with service principal, you need to register a server-side web application in AAD to use with Power BI.
Note that the new AAD web application created in step 1 must be added to one of those security groups, to be able to authenticate to Power BI as a service principal.
Steps to use Service Principal:
https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal
Best Regards
Maggie
Thanks for your help.
Was able to figure it out: CustomData was included in our code eventhough it was set to null and once it was removed everything started working.
The only items that should be passed in RLS is Username, Role and DatasetID if the dataset is in Power BI. Username should be client/end username.
On the Power BI model, create the role and just set the Username field to filter to username().
For Analysis services CustomData needs to be included. Username would be SPN and CustomData would be client/end username.
RLS in Analysis services, Username should be set to CUSTOMDATA().
Hope this helps anyone else running into this.
Hi @acbg
Customers that configure row-level security (RLS) using an SQL Server Analysis Services (SSAS) on-premises live connection data source can enjoy the new service principal capability to manage users and their access to data in SSAS when integrating with Power BI Embedded.
Using Power BI REST APIs, allows you to specify the effective identity for SSAS on-premises live connections for an embed token using a service principal object.
For more details, please see here.
Best Regards
Maggie
Hi @v-juanli-msft ,
Does Power BI have to be connected to SSAS or Analysis Services to use ServicePrincipal?
Or can Power BI Imported data can use SPN as well?
Hi @acbg
I don't find any documents how to add service principal in row level security.
It is said that :
To get started with service principal, you need to register a server-side web application in AAD to use with Power BI.
Note that the new AAD web application created in step 1 must be added to one of those security groups, to be able to authenticate to Power BI as a service principal.
Steps to use Service Principal:
https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal
Best Regards
Maggie
Hi @v-juanli-msft ,
Looks like CustomData option only works for Analysis Services.
We are doing where App Owns the Data, the username passed through is the Service Principal but not sure how to pass the End Client username.
Is there a different option to pass end application user through for RLS?
The CustomData feature only works for models that lie in Azure Analysis Services, and it only works in Connect live mode.
https://docs.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security#using-the-c...
Thanks for your help.
Was able to figure it out: CustomData was included in our code eventhough it was set to null and once it was removed everything started working.
The only items that should be passed in RLS is Username, Role and DatasetID if the dataset is in Power BI. Username should be client/end username.
On the Power BI model, create the role and just set the Username field to filter to username().
For Analysis services CustomData needs to be included. Username would be SPN and CustomData would be client/end username.
RLS in Analysis services, Username should be set to CUSTOMDATA().
Hope this helps anyone else running into this.
Hi,
I am able to get responses using the service principal of my webapp from a powerbi dataset without RLS using powerbi API but it is giving an error 'PowerBINotAuthorizedException' when trying to use powerbi API to connect to a dataset with RLS enabled and the service principal added to the specific role.
Thanks in advance to any help possible.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.