Hello all,
This is kind of urgent so any quick help would be greatly appreciated.
We have built out a Proof of Concept web-app that will embed Power BI Dashboards. When a user signs in, we want them to only be able to view the data that belongs to their organization. We are currently doing all of the token and authentication through the Power BI Rest api. We are able to embed our dashboards just fine.
In desktop, I create a user role that determines if Email=USERNAME(). In desktop this works great, when you are not the correct user, you see blank visualizations and when you are, you see the appropriate data. I publish this into my workspace. I test the RLS there, works just fine. I embed it into our webapp and unfortunately anyone can see all of the data. (RLS is NOT working once embedded).
Again, we are handling authentication thorugh REST API. I believe this is the shortfall. I think we need to use the javascript library to generate the report token while passing in the username/role. Is this a correct assumption?
Here is what we are doing with the REST API. But again, when we go to the dashboard, no RLS seems to be working. Any advice?
def get_power_bi_embed_token(email, adal_session, dashboard_id):
GENERATE_EMBED_TOKEN_URL= "https://api.powerbi.com/v1.0/myorg/groups/%s/dashboards/%s/GenerateToken" % (settings.POWER_BI_GROUP_ID, dashboard_id)
response = adal_session.post(GENERATE_EMBED_TOKEN_URL, json={
"accessLevel":"View",
"username":email,
"roles":"User",
})
return response.json()['token']