科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>powerbi - Power BI REST API: RLS Role Not Applied in Query Execution Using PowerShell Cmdlets - Stack Overflow

    powerbi - Power BI REST API: RLS Role Not Applied in Query Execution Using PowerShell Cmdlets - Stack Overflow

    programmeradmin1浏览0评论

    I am testing Row-Level Security (RLS) using the Power BI REST API but noticed that roles are not being applied. The query executes with full admin access instead of enforcing the assigned role.

    Expected Behavior: The query should return filtered results based on the assigned role.

    Actual Behavior: The query executes as if no RLS roles were assigned, returning full dataset access.

    What I Checked:

    1. Verified that the role exists and is correctly assigned.
    2. Ensured the API token is generated with the correct role.
    3. Executed the same DAX query in PowerBI desktop while the role was active and it returned results as expected
    4. Confirmed that RLS is enabled in the semantic model settings.

    parts of the script I am using as following:

    # Iterate through each employee
foreach ($row in $truthTable) {
    $principalName = $row.PrincipalName
    $expectedRows = $row.ExpectedRows

    # Apply RLS role for the user
    $tokenRequest = @{
        datasets = @(
            @{
                id = $datasetId
                roles = @(
                    @{
                        name = $role
                        members = @(
                            @{
                                identity = $principalName
                            }
                        )
                    }
                )
            }
        )
    }
    $tokenRequestJson = $tokenRequest | ConvertTo-Json -Depth 10


    
        # Generate the token for the user
        $tokenResult = Invoke-PowerBIRestMethod -Url "groups/$workspaceId/datasets/$datasetId/GenerateToken" -Method Post -Body $tokenRequestJson -ContentType "application/json"


    # Query the dataset
$query = @{
    queries = @(
        @{
            query = "EVALUATE ROW(""RowCount"", DISTINCTCOUNT(Table[column]))"
        }
    )
}

    

        # Execute the query with the generated token
    $result = Invoke-PowerBIRestMethod -Url "groups/$workspaceId/datasets/$datasetId/executeQueries" -Method Post -Body $queryJson -ContentType "application/json"

    # Compare actual vs expected
$actualRows = ($result | ConvertFrom-Json).results[0].tables[0].rows[0].RowCount
if ($actualRows -eq $expectedRows) {
    Write-Output "Test passed for $principalName"
} else {
    Write-Output "Test failed for $principalName. Expected $expectedRows, got $actualRows"
}
}

    and the output:

    
Token generated for *****.de
{
  "@odata.context":"***X0=","tokenId":"***-5730bfaf8db6","expiration":"2025-02-07T17:24:38Z"
}

Query Result for ******.de:
{
    "results":  [
                    {
                        "tables":  [
                                       {
                                           "rows":  [
                                                        {
                                                            "[RowCount]":  169
                                                        }
                                                    ]
                                       }
                                   ]
                    }
                ]
}
Test failed for ******.de. Expected 18, got 169

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论