Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Zuv
Frequent Visitor

Row level security on Power BI Embedded, can't get Username() working

Hello,

I got stuck with a problem, I can get a token, call PowerBI Rest Api, get datasets, see dashboards, and so on.

I am using Embedded, not Premium.

Mine problem is -- I can't get working RLS within username, it works fine with Role, but it can't grab token with username, always the same result - same data, and seems like username is ignored. There is how I get a token in PHP:

public function getDashboardTokenWithRoles($workspaceId,$reportId,$username,$role) {

                $key = env('ACCESS_KEY');
                $collection_name = env('WORKSPACE_COLLECTION');
                $payload = [
                    "ver" => "0.2.0",
                    // "type" => "embed",
                    "wcn" => $collection_name,
                    "wid" => $workspaceId,
                    "rid" => $reportId,
                    "iss" => "PowerBISDK",
                    "username" => $username,
                    "role" => $role,
                    "aud" => "https://analysis.windows.net/powerbi/api",
                    "exp" => time()+60*60,
                    "nbf" => time()
                ];
                $tokenListing = JWT::encode($payload, $key);
                return ($tokenListing);
        }

I do have a feeling that username not supported, anymore.

According:

"If you are calling the REST API, the updated API now accepts an additional JSON array, named identities, containing a user name, list of string roles and list of string datasets, e.g.:"

https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security

And new rest Api has different approach for that:

https://msdn.microsoft.com/en-us/library/mt784614.aspx

Maybe I am not passing something important in JavaScript frontend side? What I am passing is:

<div id="reportas" style="height:85%;margin-top:30px;"
                    powerbi-type="report"
                    powerbi-access-token=""
                    powerbi-report-id=""
                    powerbi-embed-url="https://embedded.powerbi.com/appTokenReportEmbed">
</div>

Does it works without Premium? 

Thank you for your help:)

 
1 ACCEPTED SOLUTION
v-ljerr-msft
Employee
Employee

Hi @Zuv,

 

Power BI Embedded(Azure Workspace Collections) should also support datasets configured with RLS.

 

In this scenario, users are authenticated and authorized by your application and App tokens are used to grant that user access to a specific Power BI Embedded report. Power BI Embedded doesn’t have any specific information on who your user is. For RLS to work, you need to pass some additional context as part of your app token:

  • username (optional) – Used with RLS this is a string that can be used to help identify the user when applying RLS rules. See Using Row Level Security with Power BI Embedded
  • roles – A string containing the roles to select when applying Row Level Security rules. If passing more than one role, they should be passed as a string array.

You create the token by using the CreateReportEmbedToken method. If the username property is present, you must also pass at least one value in roles.

For example, you could change the EmbedSample. DashboardController line 55 could be updated from

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id);

to

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id, "Andrew Ma", 

For more details about row level security with Power BI Workspace Collections, you can refer to this article. Smiley Happy

 

Regards

View solution in original post

2 REPLIES 2
v-ljerr-msft
Employee
Employee

Hi @Zuv,

 

Power BI Embedded(Azure Workspace Collections) should also support datasets configured with RLS.

 

In this scenario, users are authenticated and authorized by your application and App tokens are used to grant that user access to a specific Power BI Embedded report. Power BI Embedded doesn’t have any specific information on who your user is. For RLS to work, you need to pass some additional context as part of your app token:

  • username (optional) – Used with RLS this is a string that can be used to help identify the user when applying RLS rules. See Using Row Level Security with Power BI Embedded
  • roles – A string containing the roles to select when applying Row Level Security rules. If passing more than one role, they should be passed as a string array.

You create the token by using the CreateReportEmbedToken method. If the username property is present, you must also pass at least one value in roles.

For example, you could change the EmbedSample. DashboardController line 55 could be updated from

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id);

to

var embedToken = PowerBIToken.CreateReportEmbedToken(this.workspaceCollection, this.workspaceId, report.Id, "Andrew Ma", 

For more details about row level security with Power BI Workspace Collections, you can refer to this article. Smiley Happy

 

Regards

Does Embedded RLS work without Premium?

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors