Privacera Documentation

Power BI connector for PolicySync

This section covers how to enable and configure the Privacera Power BI connector for workspace fine-grained access control in Power BI running in Azure. You can set permissions in a Privacera policy depending on the workspace roles: Admin, Member, Contributor, Viewer. Only users and groups from the Azure Active Directory are allowed in Azure Power BI.

Generalized approach for implementing PolicySync

To help you reach compliance, Privacera PolicySync distributes your defined access management policies to the third-party datasources you connect to Privacera.

Use this generalized approach for implementing PolicySync.

  1. Understand how PolicySync works and how it is configured. See PolicySync design and configuration on Privacera Platform.

  2. Decide which PolicySync topology best suits your needs:

  3. Create the required, basic PolicySync configuration. See PolicySync design and configuration on Privacera Platform.

  4. Examine the BASIC and ADVANCED properties, decide which features you want to implement, and set the necessary values in the YAML property file.

Connector name: powerbi

When you create the connector as detailed in PolicySync design and configuration on Privacera Platform, use the following reserved word for the name of the connector:

powerbi

In the formal syntax shown in PolicySync design and configuration on Privacera Platform, replace <ConnectorName> with the above; in the example in PolicySync design and configuration on Privacera Platform, replace postgres with the above.

Prerequisites

Ensure that the following prerequisites are met:

  1. Create a service principal and application secret for Power BI, and get the following information from Azure Portal. For more information, refer to the Microsoft Azure documentation.

    • Application (client) ID

    • Directory (tenant) ID

    • Client Secret

  2. Create a group and assign your Power BI application to it. This is required because the Power BI Admin API accepts the service principal only as a member of an Azure AD group.

    Follow the steps in the link given above, and configure the following to create a group and add Power BI as a member:

    1. On the New Group dialog, select Security as the Group type, and then add the required group details.

    2. Click Create.

    3. On the +Add members dialog, select your Power BI application.

  3. Configure Power BI Tenant to allow Power BI service principals to read the REST API.

    Follow the steps in the link given above and configure the following:

    1. In the Developer settings, enable Allow service principals to use Power BI APIs.

    2. Select Specific security groups (Recommended), and then add the Power BI group you created above.

    3. In the Admin API Settings, enable Allow service principals to use read-only Power BI admin APIs (Preview). For more information, see the Microsoft Azure documentation.

    4. Select Specific security groups, and then add the Power BI group you created above.

  4. Enable Privacera UserSync for AAD to pull the group ID attribute via the AZURE_AD_ATTRIBUTE_GROUPNAME property described in AAD UserSync connector properties.
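
As an added example (not Privacera's or Microsoft's own code), the following Python preflight check can be run before configuring the connector: it requests a client-credentials token for the service principal and then probes one read-only Power BI admin API call. The function names and the mapping from each failure to a prerequisite number are assumptions of this example.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
SCOPE = "https://analysis.windows.net/powerbi/api/.default"
ADMIN_PROBE = "https://api.powerbi.com/v1.0/myorg/admin/groups?$top=1"


def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth2 client-credentials request for the service principal."""
    for name, value in (("tenant", tenant_id), ("client", client_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} ID is not a GUID; copy it from Azure Portal")
    if not client_secret:
        raise ValueError("client secret is empty")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": SCOPE}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")


def _call(opener, request):
    """Return (status, JSON body); an HTTP error becomes a status, not an exception."""
    try:
        with opener(request) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


def preflight(tenant_id, client_id, client_secret, opener=urllib.request.urlopen):
    """Name the prerequisite to revisit (the mapping is this example's assumption)."""
    status, body = _call(opener, token_request(tenant_id, client_id, client_secret))
    if status != 200 or "access_token" not in body:
        return "prerequisite 1: check client ID, tenant ID and client secret"
    probe = urllib.request.Request(
        ADMIN_PROBE, headers={"Authorization": "Bearer " + body["access_token"]})
    status, _ = _call(opener, probe)
    if status in (401, 403):
        return "prerequisites 2-3: check group membership and both tenant settings"
    return "ok" if status == 200 else f"unexpected HTTP {status} from admin API"
```

Pass the client secret in from a secret store or environment variable rather than hard-coding it, and note that changes to the tenant settings may take some time to apply before the probe succeeds.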