Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
APPLIES TO:
App owns data
User owns data
This article explains how to embed a paginated report that uses RLS (row-level security) into your app owns data application.
Note
This article is only relevant for app owns data customers.
To use RLS for your paginated reports:
This article assumes that you know how to embed a Power BI paginated report. It explains how to generate the embed token so that the report only shows what the user has permission to access.
Paginated reports are created using the SQL Server Reporting Services engine, and not the Power BI (Analysis Services) engine, so the RLS filtering is set up in Power BI Report Builder.
To apply row-level security to a Power BI paginated report, use the built-in field UserID to assign a parameter. This parameter is used to filter or query your data.
Then, pass the UserID to the Embed Token - Generate Token API to get the embed token.
You can use UserId as a filter or in a query to the data source.
In the Semantic model Properties window, from the left pane, select Filter.
From the Expression dropdown menu, select the parameter you want to use for filtering the data.
Select the Value function button.
In the Expression window, from the Category list, select Built-in Fields.
From the Item list, select UserID and select OK.
In the Semantic model Properties window, verify that the expression is your selected parameter = UserID, and select OK.
In the Semantic model Properties window, from the left navigation pane, select Parameters, and select Add.
In the Parameter Name field enter @UserID, and in the Parameter Value add [&UserID].
From the left pane, select Query, in the Query add the UserID parameter as part of your query, and select OK.
Note
In the screenshot below the color parameter is used as an example (WHERE FinalTable.Color = @UserID). If needed, you can create a more complex query.
When you embed a paginated report for your customers, use the Reports GenerateTokenInGroup API to get the embed token. This token can also be used to filter some data out of the paginated report.
You can only generate a token using a service principal. You can't generate a token as a master user. The service principal has to have at least member permissions to the workspace in the Power BI service. (If the service principal is a contributor or viewer it isn't able to generate a token).
To generate a token, assign the username
field with the information you want to display. For example, in a paginated report that has a color parameter, if you enter green in the username
field, the embed token restricts the embedded data to just the data that has green as its value in the color column.
{
"reports": [
{
"id": "8d57615e-cfed-4d60-bd21-7dc05727193c"
}
],
"identities": [
{
"username": "green",
"reports": [
"8d57615e-cfed-4d60-bd21-7dc05727193c"
]
}
]
}
Note
If you generate embed token without specifying a user-id, the object-id of service principal will be used.
Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreTraining
Module
Implement row-level security - Training
Row-level security (RLS) allows you to create a single or a set of reports that targets data for a specific user. In this module, you'll learn how to implement RLS by using either a static or dynamic method and how Microsoft Power BI simplifies testing RLS in Power BI Desktop and Power BI service.
Certification
Microsoft Certified: Power BI Data Analyst Associate - Certifications
Demonstrate methods and best practices that align with business and technical requirements for modeling, visualizing, and analyzing data with Microsoft Power BI.