在內嵌的編頁報表中實作資料列層級安全性Implementing row-level security in embedded paginated reports

內嵌編頁報表時,您可以控制要顯示的資料。When you embed a paginated report, you can control which data is displayed. 這可讓您量身打造為每位使用者所顯示的資訊。This allows tailoring the displayed information per user. 例如,如果您有一個包含全球銷售結果的 Power BI 編頁報表 ,您可以內嵌報表,而且只提供來自特定地區的銷售結果。For example, if you have a Power BI paginated report that includes global sale results, you can embed it so that only the sale results from a certain region are available.

這項功能是一個安全的做法,只顯示資料的子集,不會危害其餘的資料。This feature provides a secure way of displaying a subset of the data, in a way that doesn't compromise the rest of data. 它類似資料列層級安全性 (RLS) 功能,RLS 提供了一種在 Power BI 報表 (未編頁)、儀表板、圖格、資料集內顯示資料的安全方式。It resembles the Row Level Security (RLS) feature, which provides a secure way of displaying data in Power BI reports (that are not paginated), dashboards, tiles, and datasets.

注意

這項功能適用於為客戶內嵌的編頁報表。This feature works with embedding paginated reports for customers.

設定參數以篩選資料集Configuring a parameter to filter the dataset

將資料列層級安全性套用至 Power BI 分頁報表時,您需要指派 參數UserID 屬性。When applying row-level security to a Power BI paginated report, you need to assign a parameter to the UserID attribute. 在報表內嵌之前,這個參數將限制從資料集提取出來的資料。This parameter will restrict the data pulled from the dataset, before the report is embedded.

將參數指派給 UserID 之後,請使用 Reports GenerateTokenInGroup API 來取得內嵌權杖。After assigning the parameter to UserID, use the Reports GenerateTokenInGroup API to get the embed token.

在報表或查詢層級使用 UserID 作為篩選Use UserID as a filter at report or query level

您可以使用 UserId 作為「篩選」,或是用在對 Power BI Report Builder 中資料來源的「查詢」中。You can use UserId as a filter or in a query to the datasource in Power BI Report Builder.

使用篩選條件Using the filter

  1. 在 [資料集屬性] 視窗的左窗格中選取 [篩選]。In the Dataset Properties window, from the left pane, select Filter.

    Power BI 報表產生器的篩選

  2. 從 [運算式] 下拉式功能表中,選取您要用來篩選資料的參數。From the Expression dropdown menu, select the parameter you want to use for filtering the data.

    螢幕擷取畫面顯示已從 [運算式] 功能表選取 Color 值。

  3. 按一下 [值] 功能按鈕。Click the Value function button.

    Power BI 報表產生器中的 [值]

  4. 在 [運算式] 視窗中,從 [類別] 清單中選取 [內建欄位]。In the Expression window, from the Category list, select Built-in Fields.

    螢幕擷取畫面顯示 [運算式] 視窗,其中已針對 [類別] 選取 [內建欄位],並針對 [項目] 選取 [ExecutionTime]。

  5. 從 [項目] 清單中選取 [UserID],然後按一下 [確定]。From the Item list, select UserID and click OK.

    Power BI 報表產生器中的 [UserID]

  6. 在 [資料集屬性] 視窗中,確認運算式是「您選取的參數 = UserID」,然後按一下 [確定]。In the Dataset Properties window, verify that the expression is your selected parameter = UserID, and click OK.

    Power BI 報表產生器中的資料集屬性

使用查詢Using a query

  1. 在 [資料集屬性] 視窗的左窗格中選取 [參數],按一下 [新增]。In the Dataset Properties window, from the left pane, select Parameters and click Add.

    Power BI 報表產生器中的 [參數]

  2. 在 [參數名稱] 中輸入 @UserID,然後在 [參數值] 中新增 [&UserID]In the Parameter Name enter @UserID, and in the Parameter Value add [&UserID].

    Power BI 報表產生器中的 [參數名稱]

  3. 從左窗格中選取 [查詢],在 [查詢] 中新增 UserID 參數作為查詢的一部分,然後按一下 [確定]。From the left pane, select Query, in the Query add the UserID parameter as part of your query, and click OK.

    注意

    在下方的螢幕擷取畫面中,以 color 參數作為範例 (whereFinalTable.Color = @UserID)。In the screenshot below the color parameter is used as an example (whereFinalTable.Color = @UserID). 如有需要,可以建立更複雜的查詢。If needed, it is possible to create a more complex query.

    Power BI 報表產生器的查詢編輯

使用內嵌權杖傳遞設定的參數Passing the configured parameter using the embed token

當您為客戶內嵌編頁報表時,可使用 Reports GenerateTokenInGroup API 取得內嵌權杖。When embedding a paginated report for your customers, the Reports GenerateTokenInGroup API is used to get the embed token. 此權杖也可以用來篩選從編頁報表提取出來的部分資料。This token can also be used to filter some of the data that is pulled out of the paginated report.

若只要公開部分資料,請在 username 欄位指派您想要顯示的資訊。To expose only some of the data, assign the username field with the information you want to be displayed. 例如,在具有 color 參數的編頁報表中,如果您在 username 欄位輸入 green,內嵌權杖將會限制內嵌資料僅顯示色彩資料行中有 green 值的資料。For example, in a paginated report that has a color parameter, if you enter green in the username field, the embed token will restrict the embedded data to display only the data that has the green value in the color column.

{
    "accessLevel": "View",
    "reportId": "cfafbeb1-8037-4d0c-896e-a46fb27ff229",
    "identities": [
            {
                    // Replace the 'username' with a paginated report parameter
                    "username":     "...",
                    "reports: [
                        "cfafbeb1-8037-4d0c-896e-a46fb27ff229"
                    ]
            }
    ]
}