I've connected to an on premises SSAS data source with Power BI Desktop and could successfully publish to the web.
I would like to share the datasets themselves with users outside my organisation so that they can drag/drop the dimensions/measures and create reports and dashboards or reports that they would like to see.
From what I've read it's only possible to share preconfigured dashboards and reports with users outside my organisation. Could someone please tell me if it is possible to share the datasets themselves with users outside my organisation?
If you help the external company setup an On premises data gateway on a VM in your network and help them get it connected to your cube the the external users can publish the Power BI Desktop report to their Power BI tenant. Is there role based security in your cube that would apply to external users? If so you will need to setup an alternate UPN suffix and user accounts for the external users on your domain as described here. Or you could setup user mappings to use CustomData to pass their username in to your cube that way. With CustomData you change your SSAS roles to have only a service account as a member (not real users) then use the CustomData() MDX function in the dynamic security MDX expressions.
The whole scenario is described more fully here. Though I was talking about hosting in Azure with VMs joined to AAD Domain Services, you could so it with alternate UPN suffixes or CustomData in a regular Active Directory domain.
If your model is Tabular then Azure Analysis Services may greatly simplify the matter. If that's of interest let me know.
Related
I have Power BI Embedded capacity and currently use it to embed reports from my power bi service into a web based portal.
A customer has asked if I can connect to their workspaces from my tenant and embed their reports.
Is it possible to do this? What would the customer need to do on their end to allow me to access the workspaces?
Embedding can be made with user credentials (user name and password) from their tenant (usually used with embed for your organization, a.k.a. user owns data), or with service principal (application ID and secret) from their tenant (usually used with embed for your customers, a.k.a. app owns data). So they must give you their tenant ID (needed for the embedding). Then, depending on how you embed the Power BI elements, proper credentials.
Also, to make a note, that you can't assign their workspaces to your Power BI Embedded capacity, so probably they will need to get a dedicated capacity for their tenant too.
The scope of the project is to provide permissions to every single guest user that clicks on the link (link is from powerbi service). From what I've experienced this can only be done within the organization from the app perspective.
What is the best practice to provide guest users/everyone access to the powerbi application without having to approve users?
I tried changing of the app permissions to everyone in the org, and turning on the setting allowing azure active Directory guest users to access Power BI.
Having access to Power BI doesn't grant them access to any workspaces or apps. For that you need a security group, eg an AAD Dynamic Group.
We are a SaaS provider and would like to open up our data to clients through Power BI. Our solution is hosted in AWS with an RDS database and we plan to make the database available through a Power BI Gateway to RDS.
I am currently trying to work out a way to give my clients the ability to (a) design their own dashboard/reports and (b) embed these reports in our web app.
The plan is to embed reports into the webapp is by using the “Embed for your Organisation” approach where the users require a Power BI Pro account.
The key question I have is around managing the Gateway, data sources and data sets. Technically my company will host the Power BI GW in AWS and the idea was that we register the PowerBI GW in our account. Ideally we would then give client users access to either the data source itself or a data set based on it. However when trying to give access to a user of another organisation to either, then I get an error message saying “One or more users were not found within your organization.“.
I read about B2B Guest access but is pretty unclear to me and my first tests were not successful.
Can anyone point me to a reasonable architecture or approach for this?
Please note that for cost reasons, we want to avoid Power BI Premium and Capacities and cost is a constraint.
Context
I need to start sharing Power BI reports with other users (all users are Power BI Pro licenses).
Reports will be in live connection with an Analysis Services and my original data source are on-premise, therefore, I need to install a gateway to transfer data into the cloud.
Question
We already have a capable server for installing the gateway, therefore, my questions are:
Is it wise to install a Gateway VM on that server even though the server is used for other applications?
I don't have access to Power BI Admin Portal and it is tricky to get access to it since we are a very big company all over the world. Can I use an on premises data gateway without a Power BI Admin account? (While installing gateway just adding my account as admin)
I have a Power BI workbook that I have created in Desktop. It sources from a SQL Server database. I can access this database with account x. My Azure tenant admin has created a data source for this database in our gateway (within the Power BI service), and I have access to this gateway. The admin supplied account y in connecting to this data source. How does this work when I go to refresh the dataset that this workbook creates when I publish it to the service? That is, when I schedule a refresh on the dataset, will it dial into the SQL Server database using account y provided in the data source definition (virtually ignoring / dropping account x's credentials)?
Yep. That's exactly how it works. The automated refresh will use account 'Y.'
Data sources that have been deployed to some hosted location will almost always disregard the credentials used to create the dataset and instead use credentials that are specifically supplied for the refresh. These 'service' accounts will typically have different rules about password resets, have the lowest appropriate levels of access, and be under the prevue of system administrators rather than report authors. Its a very standard practice. It protects against misuse, error, loss of accounts, and segregates actual user activity from automated behaviors in the logs.
However, it is a little odd to me that your admin 'created the datasource' -- is that correct? Or did the admin just wire up the gateway to the datasource that was deployed when you published?
If you want to use a datasource that is already published, then you need to connect to that datasource from PowerBI desktop. Otherwise you'll be pushing out something new that has nothing to do with the resources that your admin created.