Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
acbg
Resolver III
Resolver III

Row Level Security - Service Principal

‎05-06-2020 03:05 PM

I am not able to see Service Principal when trying to add a new member in Row Level Security.

Is it possible to add Service Principal in the screen below:

RLS.jpg

Labels:
Message 1 of 7
2,911 Views
0
2 ACCEPTED SOLUTIONS
v-juanli-msft
Community Support
Community Support
In response to acbg

‎05-11-2020 12:40 AM

Hi @acbg 

I don't find any documents how to add service principal in row level security.

It is said that :

To get started with service principal, you need to register a server-side web application in AAD to use with Power BI.

Note that the new AAD web application created in step 1 must be added to one of those security groups, to be able to authenticate to Power BI as a service principal.

 

Steps to use Service Principal:

https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal

 

Best Regards

Maggie

 

View solution in original post

Message 4 of 7
2,858 Views
acbg
Resolver III
Resolver III
In response to acbg

‎05-12-2020 06:37 AM

@v-juanli-msft 

 

Thanks for your help.

 

Was able to figure it out: CustomData was included in our code eventhough it was set to null  and once it was removed everything started working.

 

The only items that should be passed in RLS is Username, Role and DatasetID if the dataset is in Power BI. Username should be  client/end username.

On the Power BI model, create the role and just set the Username field to filter to username().

 

For Analysis services CustomData needs to be included. Username would be SPN and CustomData would be client/end username.

RLS in Analysis services, Username should be set to CUSTOMDATA().

 

Hope this helps anyone else running into this.

View solution in original post

Message 6 of 7
2,840 Views
6 REPLIES 6
v-juanli-msft
Community Support
Community Support

‎05-06-2020 04:23 PM

Hi @acbg 

Customers that configure row-level security (RLS) using an SQL Server Analysis Services (SSAS) on-premises live connection data source can enjoy the new service principal capability to manage users and their access to data in SSAS when integrating with Power BI Embedded.

Using Power BI REST APIs, allows you to specify the effective identity for SSAS on-premises live connections for an embed token using a service principal object.

For more details, please see here.

 

Best Regards

Maggie

 

 

Message 2 of 7
2,890 Views
0
acbg
Resolver III
Resolver III
In response to v-juanli-msft

‎05-06-2020 06:07 PM

Hi @v-juanli-msft ,

 

Does Power BI have to be connected to SSAS or Analysis Services to use ServicePrincipal?

 

Or can Power BI Imported data can use SPN as well?

Message 3 of 7
2,877 Views
0
v-juanli-msft
Community Support
Community Support
In response to acbg

‎05-11-2020 12:40 AM

Hi @acbg 

I don't find any documents how to add service principal in row level security.

It is said that :

To get started with service principal, you need to register a server-side web application in AAD to use with Power BI.

Note that the new AAD web application created in step 1 must be added to one of those security groups, to be able to authenticate to Power BI as a service principal.

 

Steps to use Service Principal:

https://docs.microsoft.com/en-us/power-bi/developer/embedded/embed-service-principal

 

Best Regards

Maggie

 

Message 4 of 7
2,859 Views
acbg
Resolver III
Resolver III
In response to v-juanli-msft

‎05-11-2020 05:22 PM

Hi @v-juanli-msft ,

 

Looks like CustomData option only works for Analysis Services.

 

We are doing where App Owns the Data, the username passed through is the Service Principal but not sure how to pass the End Client username.

 

Is there a different option to pass end application user through for RLS?

 

The CustomData feature only works for models that lie in Azure Analysis Services, and it only works in Connect live mode.
https://docs.microsoft.com/en-us/power-bi/developer/embedded/embedded-row-level-security#using-the-c...

 

Message 5 of 7
2,851 Views
0
acbg
Resolver III
Resolver III
In response to acbg

‎05-12-2020 06:37 AM

@v-juanli-msft 

 

Thanks for your help.

 

Was able to figure it out: CustomData was included in our code eventhough it was set to null  and once it was removed everything started working.

 

The only items that should be passed in RLS is Username, Role and DatasetID if the dataset is in Power BI. Username should be  client/end username.

On the Power BI model, create the role and just set the Username field to filter to username().

 

For Analysis services CustomData needs to be included. Username would be SPN and CustomData would be client/end username.

RLS in Analysis services, Username should be set to CUSTOMDATA().

 

Hope this helps anyone else running into this.

Message 6 of 7
2,841 Views
kurianuthuppu
Regular Visitor
In response to acbg

‎01-15-2024 09:28 PM

Hi, 

I am able to get responses using the service principal of my webapp from a powerbi dataset without RLS using powerbi API but it is giving an error 'PowerBINotAuthorizedException' when trying to use powerbi API to connect to a dataset with RLS enabled and the service principal added to the specific role. 

Thanks in advance to any help possible.

Message 7 of 7
228 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All