由于有效身份中缺少角色,无法生成用于访问数据集的嵌入令牌
Unable to generate embed token for accessing dataset due to missing roles in effective identity
我有嵌入式 powerbi 报告,在我更改数据库之前它工作正常。
我观察到 datasets.IsEffectiveIdentityRequired(在下面的代码中)早些时候是假的,现在它是真的,我收到一个错误 - {"error":{"code":"InvalidRequest","message":"Creating embed token for accessing dataset 02c90e15-35dd-4036-a525-4f5d158bfade requires roles to be included in provided effective identity"}}
我使用的是标准嵌入服务代码。
// 创建一个 Power BI 客户端对象。它将用于调用 Power BI API。
using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
Report report = reports.Value.FirstOrDefault(r => r.Id.Equals(ReportId, StringComparison.InvariantCultureIgnoreCase));
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
m_embedConfig.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
m_embedConfig.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
// HERE username IS NULL
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List<string> { report.DatasetId });
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List<string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List<EffectiveIdentity> { rls });
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
}
首先,我完全理解这个错误的发生是因为我没有传递任何身份信息。那么,是否有任何选项可以禁用 IsEffectiveIdentityRequired?
二、如何在powerbi中设置用户和角色?
--我不是 PowerBI 专家--
IsEffectiveIdentityRequired 是只读的 属性 所以你无法控制它,也没有禁用它的选项.
根据您连接到有效身份的数据源,可能需要也可能不需要。
如果 IsEffectiveIdentityRequired 为真,您需要在调用 GenerateTokenRequest 生成嵌入令牌时传递 EffectiveIdentity。如果数据源需要一个有效的身份,而您没有传递一个,您将在调用 GenerateTokenRequest 时收到错误消息。如果您传递一个不完整的 EffectiveIdentity,例如调用 GenerateTokenRequest 时缺少角色,您也会得到一个错误。
这是一个示例,说明如何使用 IsEffectiveIdentityRequired 属性 生成带有或不带有有效身份的嵌入令牌,具体取决于数据源是否需要它。
List<EffectiveIdentity> eil = new List<EffectiveIdentity>();
EffectiveIdentity ef = new EffectiveIdentity();
// UserName
ef.Username = FullADUsername;
// Roles
List<string> Roles = new List<string>();
ef.Roles = Roles;
// Datasets
List<string> _Datasets = new List<string>();
_Datasets.Add(report.DatasetId);
ef.Datasets = _Datasets;
eil.Add(ef);
// Look up the data set of the report and look if we need to pass an Effective Identify
Dataset d = client.Datasets.GetDatasetByIdInGroup(WorkspaceId, report.DatasetId);
if (d.IsEffectiveIdentityRequired == true){
GenerateTokenRequest gtr = new GenerateTokenRequest("View", null, false, eil);
newEmbedToken = client.Reports.GenerateTokenInGroup(WorkspaceId, ReportId, gtr);
}
else
{
GenerateTokenRequest gtr = new GenerateTokenRequest();
newEmbedToken = client.Reports.GenerateTokenInGroup(WorkspaceId, ReportId, gtr);
}
我有嵌入式 powerbi 报告,在我更改数据库之前它工作正常。
我观察到 datasets.IsEffectiveIdentityRequired(在下面的代码中)早些时候是假的,现在它是真的,我收到一个错误 - {"error":{"code":"InvalidRequest","message":"Creating embed token for accessing dataset 02c90e15-35dd-4036-a525-4f5d158bfade requires roles to be included in provided effective identity"}}
我使用的是标准嵌入服务代码。
// 创建一个 Power BI 客户端对象。它将用于调用 Power BI API。
using (var client = new PowerBIClient(new Uri(ApiUrl), m_tokenCredentials))
{
// Get a list of reports.
var reports = await client.Reports.GetReportsInGroupAsync(WorkspaceId);
Report report = reports.Value.FirstOrDefault(r => r.Id.Equals(ReportId, StringComparison.InvariantCultureIgnoreCase));
var datasets = await client.Datasets.GetDatasetByIdInGroupAsync(WorkspaceId, report.DatasetId);
m_embedConfig.IsEffectiveIdentityRequired = datasets.IsEffectiveIdentityRequired;
m_embedConfig.IsEffectiveIdentityRolesRequired = datasets.IsEffectiveIdentityRolesRequired;
GenerateTokenRequest generateTokenRequestParameters;
// This is how you create embed token with effective identities
// HERE username IS NULL
if (!string.IsNullOrWhiteSpace(username))
{
var rls = new EffectiveIdentity(username, new List<string> { report.DatasetId });
if (!string.IsNullOrWhiteSpace(roles))
{
var rolesList = new List<string>();
rolesList.AddRange(roles.Split(','));
rls.Roles = rolesList;
}
// Generate Embed Token with effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view", identities: new List<EffectiveIdentity> { rls });
}
else
{
// Generate Embed Token for reports without effective identities.
generateTokenRequestParameters = new GenerateTokenRequest(accessLevel: "view");
}
var tokenResponse = await client.Reports.GenerateTokenInGroupAsync(WorkspaceId, report.Id, generateTokenRequestParameters);
}
首先,我完全理解这个错误的发生是因为我没有传递任何身份信息。那么,是否有任何选项可以禁用 IsEffectiveIdentityRequired?
二、如何在powerbi中设置用户和角色? --我不是 PowerBI 专家--
IsEffectiveIdentityRequired 是只读的 属性 所以你无法控制它,也没有禁用它的选项.
根据您连接到有效身份的数据源,可能需要也可能不需要。
如果 IsEffectiveIdentityRequired 为真,您需要在调用 GenerateTokenRequest 生成嵌入令牌时传递 EffectiveIdentity。如果数据源需要一个有效的身份,而您没有传递一个,您将在调用 GenerateTokenRequest 时收到错误消息。如果您传递一个不完整的 EffectiveIdentity,例如调用 GenerateTokenRequest 时缺少角色,您也会得到一个错误。
这是一个示例,说明如何使用 IsEffectiveIdentityRequired 属性 生成带有或不带有有效身份的嵌入令牌,具体取决于数据源是否需要它。
List<EffectiveIdentity> eil = new List<EffectiveIdentity>();
EffectiveIdentity ef = new EffectiveIdentity();
// UserName
ef.Username = FullADUsername;
// Roles
List<string> Roles = new List<string>();
ef.Roles = Roles;
// Datasets
List<string> _Datasets = new List<string>();
_Datasets.Add(report.DatasetId);
ef.Datasets = _Datasets;
eil.Add(ef);
// Look up the data set of the report and look if we need to pass an Effective Identify
Dataset d = client.Datasets.GetDatasetByIdInGroup(WorkspaceId, report.DatasetId);
if (d.IsEffectiveIdentityRequired == true){
GenerateTokenRequest gtr = new GenerateTokenRequest("View", null, false, eil);
newEmbedToken = client.Reports.GenerateTokenInGroup(WorkspaceId, ReportId, gtr);
}
else
{
GenerateTokenRequest gtr = new GenerateTokenRequest();
newEmbedToken = client.Reports.GenerateTokenInGroup(WorkspaceId, ReportId, gtr);
}