Two types of embedding are available with Power BI. The process to follow depends on how you license your Power BI users. If you’re not using Azure AD to log into BI Portal, you will have to use App Owns Data.

User Owns Data

This is applicable if your users are licensed for Power BI Pro, and therefore can be authenticated to use Power BI as themselves.

You can assign permissions to view content in PowerBI.com directly to users and groups, and users can browse content in PowerBI.com if they wish. When users view an embedded Power BI asset on the Enterprise BI Portal, their Azure AD token is passed to the Power BI API and they are authenticated as themselves, and it is passed through to data sources as well. The User Owns Data model can only be used when running Enterprise BI Portal in Azure, or on-premises with Azure AD as we require an Azure AD token to pass to PowerBI.com. If you are not running one of these versions and would like to, Perspective ILM can assist you in converting your installation.

user owns data visio diagram

App Owns Data

App Owns Data is tied directly to Power BI capacity-based licencing. In this model, you must first purchase Premium Capacity, and then assign your workspace(s) to this capacity.

In this model your users do not have direct access to PowerBI.com and cannot browse to it. Access to assets is assigned to a service account, and any embedding request from the Enterprise BI Portal is done as the service account.

Because of this, you will not immediately have access to the user identity in your reports and data sources. You can however choose to pass through the user identity of the user logged in to the Enterprise BI Portal. This means you can use this to filter data using RLS in your reports and Data Sources.

App Owns Data also provides the benefit of allowing one portal to serve content from multiple Power BI tenancies. This can be useful where you have multiple entities within a larger structure, that each have their own Azure AD/Power BI tenancies.

Support for Row Level Security with App Owns Data in Enterprise BI Portal requires version 4.4 for Reports and version 4.5 for Dashboards and Tiles. See below for a high-level diagram of the User Owns Data process.

app owns data visio diagram

Can I change my mind?

Yes. The most straight forward example of this is when first migrating to PowerBI.com from other tool sets. You are most likely to licence a small user base of developers, testers, and stakeholders while you build out your proof of concept.

When it comes time to onboard the business, you may find that it is cheaper to licence your user base under capacity-based licencing rather than individual user licences. At this point in time you can configure your PowerBI.com assets for capacity-based usage and update the Enterprise BI Portal in kind.

Can I have both?

At this stage we do not support mixing both modes within the same portal.