In the previous blog we covered how to embed Power BI Report in Power Apps Portal using “Publish to Web” and “Embed for organization” mode, In this post we will cover “Embed for your customers” mode and then applying Row level security(RLS) on the report.
Method 2: Embed for your Customers- Power Bi Report for private customer reports.
Enable Power Apps Portals for Power Bi integration and create your Power Bi report you want to publish under the Power Bi workspace you have defined during Power Bi Setup earlier. Refer the part I blog for steps.
Enable RLS on Power Bi Report:
Enable Report for Row level security by adding role, its required for embedded customers mode to function. On Power Bi Report under Modeling Click on Mange roles
create a new role, we don’t need to specify and filtering rules yet.(we will talk about it in RLS section below)
Embed Power BI components To Power Apps Portals :
Once the Report is created we need to add powerbi component to the page if you are familiar with liquid you can add it directly in webpage or in a webtemplate.
Navigate to Power Apps portal page in Portals Studio and add the Power Bi Component to the page, choose access type as “Embed for your Customers” and select the report previously created
Navigate to the content page for the webpage under Portals, it will have liquid tag for the power Bi component.
{% powerbi authentication_type:"powerbiembedded" path:"https://app.powerbi.com/groups/e8f46cdd-5536-42a9-9656-337331cb9aa7/reports/490487ac-602d-4c76-bb9e-e293d98e1a18/ReportSection" %}
We need to add the role that we have created previously in powerbi to this liquid tag, the above tag will look like below after modification
{% powerbi authentication_type:"powerbiembedded" path:"https://app.powerbi.com/groups/e8f46cdd-5536-42a9-9656-337331cb9aa7/reports/490487ac-602d-4c76-bb9e-e293d98e1a18/ReportSection" roles: "powerbiroles" %}
Once done navigate to the Power Bi report on Power Apps portal and login and you would be able to see the Power Bi report while being logged in as external user and customer.
Do lock this page using webrole and access control to ensure its only available to intended users.
Enable Row Level security when embedding Reports in Customers mode:
Now let’s review how we can apply RLS to the above report so that logged in users can only see data that they are supposed to or access to.
For this example I am using a Power Bi report which is using Dataverse as data source, I want to show a Power Bi report where users can see all the accounts and the address they are defined as primary contact on.
You can find the pbix file for the report here.
My data source include, accounts, contacts, Tasks/activity and External Identities, I have added/updated the relationship and applied bi directional filtering under the relationship.
For RLS we will take advantage of the DAX functions username() or userprincipalname(). when we embed Power Bi report in customer mode these functions return the UPN id of the user. In order to be able to apply RLS and filter on the data we need to include External Identities and contact entity from Dataverse to the dataset as it manages the UPN data.
Enable RLS Filtering:
Navigate to manage roles under modeling on Power BI and under the role you have created before add filtering on External identities against Username()
Publish the Power Bi Report and navigate to the Power Bi report page on Power Apps portal and login and you would be able to see the Power Bi report filtered to show only logged in user data while being logged in as external user and customer.
If you are using Local Authentication instead of Azure B2c or other IDP you can filter it on contact entity directly against adx_identity_username field.
In both the post I have used Power BI Report as an example but the functionality and behavior is supposed to be same when surfacing Dashboards.
Power Apps Portals and Power BI connected together is such a powerful story of “Powerful alone, but better together”, Let me know your thoughts on Power Bi and Power Apps portals integration and what has worked for you.