Reply
Zuv Frequent Visitor
Frequent Visitor
Posts: 13
Registered: ‎04-26-2016
Accepted Solution

Row level security on Power BI Embedded, can't get Username() working

Hello,

I got stuck with a problem, I can get a token, call PowerBI Rest Api, get datasets, see dashboards, and so on.

I am using Embedded, not Premium.

Mine problem is -- I can't get working RLS within username, it works fine with Role, but it can't grab token with username, always the same result - same data, and seems like username is ignored. There is how I get a token in PHP:

public function getDashboardTokenWithRoles($workspaceId,$reportId,$username,$role) {

                $key = env('ACCESS_KEY');
                $collection_name = env('WORKSPACE_COLLECTION');
                $payload = [
                    "ver" => "0.2.0",
                    // "type" => "embed",
                    "wcn" => $collection_name,
                    "wid" => $workspaceId,
                    "rid" => $reportId,
                    "iss" => "PowerBISDK",
                    "username" => $username,
                    "role" => $role,
                    "aud" => "https://analysis.windows.net/powerbi/api",
                    "exp" => time()+60*60,
                    "nbf" => time()
                ];
                $tokenListing = JWT::encode($payload, $key);
                return ($tokenListing);
        }

I do have a feeling that username not supported, anymore.

According:

"If you are calling the REST API, the updated API now accepts an additional JSON array, named identities, containing a user name, list of string roles and list of string datasets, e.g.:"

https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security

And new rest Api has different approach for that:

https://msdn.microsoft.com/en-us/library/mt784614.aspx

Maybe I am not passing something important in JavaScript frontend side? What I am passing is:

<div id="reportas" style="height:85%;margin-top:30px;"
                    powerbi-type="report"
                    powerbi-access-token=""
                    powerbi-report-id=""
                    powerbi-embed-url="https://embedded.powerbi.com/appTokenReportEmbed">
</div>

Does it works without Premium? 

Thank you for your helpSmiley Happy

 

Accepted Solutions
Super Contributor
Posts: 3,697
Registered: ‎07-17-2016

Re: Row level security on Power BI Embedded, can't get Username() working

[ Edited ]

Hi @Zuv,

 

Power BI Embedded(Azure Workspace Collections) should also support datasets configured with RLS.

 

In this scenario, users are authenticated and authorized by your application and App tokens are used to grant that user access to a specific Power BI Embedded report. Power BI Embedded doesn’t have any specific information on who your user is. For RLS to work, you need to pass some additional context as part of your app token:

  • username (optional) – Used with RLS this is a string that can be used to help identify the user when applying RLS rules. See Using Row Level Security with Power BI Embedded
  • roles – A string containing the roles to select when applying Row Level Security rules. If passing more than one role, they should be passed as a string array.

You create the token by using the CreateReportEmbedToken method. If the username property is present, you must also pass at least one value in roles.

For example, you could change the EmbedSample. DashboardController line 55 could be updated from

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id);

to

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id, "Andrew Ma", 

For more details about row level security with Power BI Workspace Collections, you can refer to this article. Smiley Happy

 

Regards

View solution in original post


All Replies
Super Contributor
Posts: 3,697
Registered: ‎07-17-2016

Re: Row level security on Power BI Embedded, can't get Username() working

[ Edited ]

Hi @Zuv,

 

Power BI Embedded(Azure Workspace Collections) should also support datasets configured with RLS.

 

In this scenario, users are authenticated and authorized by your application and App tokens are used to grant that user access to a specific Power BI Embedded report. Power BI Embedded doesn’t have any specific information on who your user is. For RLS to work, you need to pass some additional context as part of your app token:

  • username (optional) – Used with RLS this is a string that can be used to help identify the user when applying RLS rules. See Using Row Level Security with Power BI Embedded
  • roles – A string containing the roles to select when applying Row Level Security rules. If passing more than one role, they should be passed as a string array.

You create the token by using the CreateReportEmbedToken method. If the username property is present, you must also pass at least one value in roles.

For example, you could change the EmbedSample. DashboardController line 55 could be updated from

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id);

to

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id, "Andrew Ma", 

For more details about row level security with Power BI Workspace Collections, you can refer to this article. Smiley Happy

 

Regards

Visitor
Posts: 1
Registered: ‎05-06-2018

Re: Row level security on Power BI Embedded, can't get Username() working

Does Embedded RLS work without Premium?