
PowerBi Service principals and Row level Security


We are using Power BI and would like to embed a report in another system. We have set up everything so far and can display the reports with a service principal for several users. However, we only want the users to see their own records, so we have created roles that only display a few records based on the username. This works well in the Power BI Desktop 'view as'. But when we request the embed token from the other system, we get a 400 response code back. I have read the following (https://learn.microsoft.com/en-us/power-bi/enterprise/service-admin-rls):

Service principals cannot be added to an RLS role. Accordingly, RLS won’t be applied for apps using a service principal as the final effective identity.

Can I then achieve my goal at all, that a large group of users can view a report and only see their own data? Or is that only possible if I create a separate account for each user?

My report without roles can be embedded. That works. Then I added a role to my report. Role is Owner and DAX is [Owner__c] = USERNAME()

And adjusted the body of the API from:

{
    "accessLevel": "View",
    "datasetId": "8d72284e-f104-4213-9376-606397b2f838"
}

to

{
    "accessLevel": "View",
    "allowSaveAs": "false",
    "identities": [{
        "username": "0015p00005ZSE7wAAH",
        "reports": ["7fa1badb-ccb3-45b8-84cb-15e5b2018efa"],
        "roles": ["Owner"],
        "datasets": ["8d72284e-f104-4213-9376-606397b2f838"]
    }]
}

This is my data table.

Did I miss a point? Do I need to add someone (who?) to this role under dataset security?

Why is USERPRINCIPALNAME() or USERNAME() not the id which I defined in the request body? As soon as I add a role to my report (DAX: [Owner__c] = TRUE), ([Owner__c] = USERNAME()) or even hardcoded ([Owner__c] = '0015p00005ZSE7wAAH'), I get a status code 400.


Solution

  • After adding the Content-Type => application/json it worked.
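
An added example, not part of the original question or answer: a Python sketch that builds the embed-token request from the question with the Content-Type fix applied. The helper name, the access token and the group (workspace) ID are assumptions, and the URL is the Power BI REST "Reports - Generate Token In Group" route, which the page does not show.

```python
import json
import urllib.request

# Power BI REST route "Reports - Generate Token In Group". The group (workspace)
# ID is not given on the page, so callers pass their own.
API = "https://api.powerbi.com/v1.0/myorg/groups/{group}/reports/{report}/GenerateToken"


def build_embed_token_request(aad_token, group_id, report_id, dataset_id,
                              rls_username, roles):
    """Return an unsent Request for an RLS-scoped embed token (hypothetical helper)."""
    # The service principal only authenticates the call. RLS is evaluated against
    # the effective identity below, so take the username from the authenticated
    # server-side session and never from a value the client can choose.
    if not rls_username or not roles:
        raise ValueError("an RLS dataset needs a username and at least one role")
    body = {
        "accessLevel": "View",
        "allowSaveAs": False,  # serialized as a JSON boolean
        "identities": [{
            "username": rls_username,  # what USERNAME() sees in the role filter
            "roles": list(roles),
            "reports": [report_id],
            "datasets": [dataset_id],
        }],
    }
    return urllib.request.Request(
        API.format(group=group_id, report=report_id),
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {aad_token}",
            # The fix from the solution: declare the body as JSON.
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed call: token and group ID are placeholders, the other IDs are
    # the ones quoted in the question.
    req = build_embed_token_request(
        "PLACEHOLDER_TOKEN", "PLACEHOLDER_GROUP_ID",
        "7fa1badb-ccb3-45b8-84cb-15e5b2018efa",
        "8d72284e-f104-4213-9376-606397b2f838",
        "0015p00005ZSE7wAAH", ["Owner"])
    print(req.get_method(), req.full_url)
    print(req.header_items())
    print(req.data.decode())
```

Pass the returned object to `urllib.request.urlopen` to send it; the response JSON carries the embed token.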