Service Principle for Gateway

[v-kerwan]

Please add this information and below Link to this page:
https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gateway-with-service-principal-preview

On-premises data gateway with service principal (Preview)
Customers that configure row-level security (RLS) using an SQL Server Analysis Services (SSAS) on-premises live connection data source can enjoy the new service principal capability to manage users and their access to data in SSAS when integrating with Power BI Embedded.

Using Power BI REST APIs, allows you to specify the effective identity for SSAS on-premises live connections for an embed token using a service principal object.

Until now, to be able to specify the effective identity for SSAS on-premises live connection, the master user generating the embed token had to be a gateway admin. Now, instead of requiring the user to be gateway admin, the gateway admin can give the user dedicated permission to that data source, that allows the user to override the effective identity when generating the embed token. This new ability enables embedding with service principal for a live SSAS connection.

To enable this scenario, the gateway admin uses the Add Datasource User REST API to give the service principal the ReadOverrideEffectiveIdentity permission for Power BI Embedded.

You can't set this permission using the admin portal. This permission is only set with the API. In the admin portal, you see an indication for users and SPNs with such permissions.

[maggiesMSFT]

Hi, @v-kerwan -- Thanks for your suggestion! I've added a few people who can help.

[markingmyname]

@v-kerwan

So we are clear, which page are you requesting to be edited? Is it the RLS page or the main Service Principal page?

[v-kerwan]

Hi Mark, Good Day, under below doc, there is a paragraph called “https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gateway-with-service-principal-preview” https://docs.microsoft.com/en-us/power-bi/developer/embedded-row-level-security#on-premises-data-gateway-with-service-principal-preview This Paragraph describe how to configure gateway when user’s embedded application had embedded report which user Live connection/Direct Query. It’s very common feature which is used in most embedded scenario, however it is not described in our main document introduced Power BI embedded service principle. (Not even a link) So I would suggested to add this paragraph to below link. https://docs.microsoft.com/en-us/power-bi/developer/embed-service-principal Best Regards, Kerry Wang Support Engineer Data & BI Support Data & Enterprise Cloud Office: +86 (21) 52638212 X38212. v-kerwan@microsoft.com<mailto:v-kerwan@microsoft.com> Mon - Fri 9:00-18:00 UTC+8:00 [Microsoft] If you have any feedback about my work, please let either me or my manager Gray Cai know at Gray.Cai@microsoft.com From: Mark Ghanayem <notifications@github.com> Sent: Friday, May 24, 2019 6:11 AM To: MicrosoftDocs/powerbi-docs <powerbi-docs@noreply.github.com> Cc: Kerry Wang (International Supplier) <v-kerwan@microsoft.com>; Mention <mention@noreply.github.com> Subject: Re: [MicrosoftDocs/powerbi-docs] Service Principle for Gateway (#1067) @v-kerwan<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fv-kerwan&data=02%7C01%7Cv-kerwan%40microsoft.com%7Ca8b21a3d255840c98e0f08d6dfcb96b8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636942462839649140&sdata=50%2BOEQ3Y9%2Bfwu3rDsY%2FLOOnGaOOlemFi0mE%2BiwSPbaA%3D&reserved=0> So we are clear, which page are you requesting to be edited? Is it the RLS page or the main Service Principal page? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FMicrosoftDocs%2Fpowerbi-docs%2Fissues%2F1067%3Femail_source%3Dnotifications%26email_token%3DAJWNXQXENBFTY7ZNEF3XVM3PW4JATA5CNFSM4HN76Q32YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODWDUDVI%23issuecomment-495403477&data=02%7C01%7Cv-kerwan%40microsoft.com%7Ca8b21a3d255840c98e0f08d6dfcb96b8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636942462839659134&sdata=5nbPVAgtzv8EQDEgd8cmyqNQ%2FB3aVpd5Zj70hwuUSpE%3D&reserved=0>, or mute the thread<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAJWNXQT5FI2YGRDFWEMBOODPW4JATANCNFSM4HN76Q3Q&data=02%7C01%7Cv-kerwan%40microsoft.com%7Ca8b21a3d255840c98e0f08d6dfcb96b8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636942462839659134&sdata=LzvviVh9BDoNXWM0VEnsH13mqbWX7w4sjfqNhy6Olvk%3D&reserved=0>.

[markingmyname]

Hi @v-kerwan,

Thanks for clearing that up.

We decided to keep it with the RLS information as the information fit more in that space.

However, we should have had a reference to it in the main Service Principal article.

As such, I have added a link to that section from the Service Principal article to the RLs article in the Next steps section.

The article should show the change early next week.

Did you know: For minor things like typos, you can edit the doc! Click the little Edit pencil icon in the article, then click the little Edit pencil in GitHub, make your change, scroll to the bottom, and click Propose file change. And voila! It's sent directly to the writer. Then all the writer has to do is sign off and it goes into the publishing queue.

Hope this helps.

Thank you again!

[markingmyname]

We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion, and we will reopen the issue.