Login/Register
Unable to generate embed token for accessing dataset due to missing roles in effective identity
Asked Answered
Solved powerbipowerbi-embeddedpowerbi-desktop
C

1

6

I have embedded powerbi report which was working fine until I changed my database.

I observed datasets.IsEffectiveIdentityRequired (in below code) was false earlier, now as it is true, I'm getting an error - {"error":{"code":"InvalidRequest","message":"Creating embed token for accessing dataset 02c90e15-35dd-4036-a525-4f5d158bfade requires roles to be included in provided effective identity"}}

I'm using standard Embed service code.

// Create a Power BI Client object. It will be used to call Power BI APIs.

            using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
            {
                // Get a list of reports.
                var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);


                Report report = reports.Value.FirstOrDefault(r => r.Id.Equals(ReportId, StringComparison.InvariantCultureIgnoreCase));

                var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
                m_embedConfig.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
                m_embedConfig.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
                GenerateTokenRequest generateTokenRequestParameters;
                // This is how you create embed token with effective identities
                // HERE username IS NULL
                if (!string.IsNullOrWhiteSpace(username))
                {
                    var rls = new EffectiveIdentity(username, new List<string> { report.DatasetId });
                    if (!string.IsNullOrWhiteSpace(roles))
                    {
                        var rolesList = new List<string>();
                        rolesList.AddRange(roles.Split(','));
                        rls.Roles = rolesList;
                    }
                    // Generate Embed Token with effective identities.
                    generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List<EffectiveIdentity> { rls });
                }
                else
                {
                    // Generate Embed Token for reports without effective identities.
                    generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
                }

                var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);

}

First, I completely understand that this error occurs as I'm not passing any identity. So, is there any option to disable IsEffectiveIdentityRequired?

Second, how to set users and roles in powerbi? --I'm not a PowerBI expert--

Circumferential answered 9/5, 2019 at 0:19 Comment(0)
H
11

IsEffectiveIdentityRequired is a read only property so you can't control it and there is no option to disable it.

Depending on the data source you are connecting to an effective identity may or may not be required.

If IsEffectiveIdentityRequired is true you need to pass an EffectiveIdentity when calling GenerateTokenRequest to generate an embed token. If the data source requires an effective identity and you do not pass one you will get an error when calling GenerateTokenRequest. You will also get an error if you pass an incomplete EffectiveIdentity, such as one that is missing roles when calling GenerateTokenRequest.

Here is an example of how you can use the IsEffectiveIdentityRequired property to generate an embed token with or without an effective identity depending on if the data source requires it or not.

List<EffectiveIdentity> eil = new List<EffectiveIdentity>();
EffectiveIdentity ef = new EffectiveIdentity();

// UserName
ef.Username = FullADUsername;

// Roles
List<string> Roles = new List<string>();

ef.Roles = Roles;

// Datasets
List<string> _Datasets = new List<string>();
_Datasets.Add(report.DatasetId);
ef.Datasets = _Datasets;

eil.Add(ef);

// Look up the data set of the report and look if we need to pass an Effective Identify               
Dataset d = client.Datasets.GetDatasetByIdInGroup(WorkspaceId, report.DatasetId);
if (d.IsEffectiveIdentityRequired == true){
    GenerateTokenRequest gtr = new GenerateTokenRequest("View", null, false, eil);
    newEmbedToken = client.Reports.GenerateTokenInGroup(WorkspaceId, ReportId, gtr);
}
else
{
    GenerateTokenRequest gtr = new GenerateTokenRequest();
    newEmbedToken = client.Reports.GenerateTokenInGroup(WorkspaceId, ReportId, gtr);
}
Hemeralopia answered 28/5, 2019 at 18:2 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.