taarskog / crm-powerbi-viewer

Embed tiles and reports from Power BI into Dynamics CRM Forms and Dashboards.
http://crm-powerbi-viewer.heiigjen.com/
MIT License

Azure AD -> Grant Permissions #33

Closed tpcorcoran closed 6 years ago

tpcorcoran commented 6 years ago

This is more of a question than an issue. We have successfully used your solution to embed PowerBI elements into a Microsoft Dynamics form. The problem we are having now is that a Dynamics user can only see the embedded elements if they go into Azure AD and click the Grant Permissions button. Obviously this is not feasible due to a large number of users, so is there a way to grant permissions on behalf of other users?

We did have an Azure Global Admin user go in and click the Grant Permissions button, but that didn't seem to resolve the issue. I understand if this is getting outside of your area of expertise, but wanted to make sure we weren't missing something with the app configuration.

Thanks, Tim

taarskog commented 6 years ago

Hi Tim,

That's strange. Having an admin grant access should be sufficient for all users in the tenant ref. bullet 6 at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-integrate-apps-with-azure-ad#example-of-the-consent-experience.

I suggest you enable verbose adal logging by setting auth_log_level: 3, in config.js. Maybe that will provide hints on what might be the issue. Logs will be written to the console (press F12 in the browser).

taarskog commented 6 years ago

Could you also verify that you remembered to update the manifest and set "oauth2AllowImplicitFlow": true,? Ref step 17 at http://crm-powerbi-viewer.heiigjen.com/pages/azure-ad.html

tpcorcoran commented 6 years ago

Thanks for the quick response Trond.

Yes, we did have the manifest updated with the 'true' setting. With that being said, I think we have narrowed in on the root cause. It turns out the user that initially clicked 'Grant Permissions' had temporary admin access. We had another user with permanent rights click the button. After that I had to give my test user permission to view the PBI Workspace and he was able to see everything fine.

Moving forward, we are going to update the Azure App to include 'View all Workspaces' in the permissions. If that doesn't work, then we'll just have to give all users access to the Workspace through the PBI service.

On a side note - my company has a group from Microsoft that is available for consulting needs and their Dynamics resource was very intrigued by this solution. Not sure if that will trigger much action for Microsoft to make this enhancement, but at the very least a compliment to you.

Thanks again. This app was a great help.

taarskog commented 6 years ago

Hi Tim. Great to hear you found a solution.

Appreciate that you shared your findings.

-Trond
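
One way to check whether a consent like the one discussed in this thread is recorded tenant-wide or only for a single user, added here as an example that is not part of the original thread or the project's code. It assumes the grants have been exported in the shape of Microsoft Graph `oauth2PermissionGrant` objects; the ids, the sample grants and the list of scopes the app needs are constructed for illustration.

```javascript
// Added example: classify the delegated scopes an app needs by how they were consented.
// Field names (clientId, consentType, principalId, scope) follow the Microsoft Graph
// oauth2PermissionGrant resource. All ids and grants below are constructed samples.

function consentCoverage(grants, clientId, requiredScopes, userId) {
  const tenantWide = new Set();
  const userOnly = new Set();
  for (const g of grants) {
    if (g.clientId !== clientId) continue; // grant belongs to another app
    // scope is a space-separated string and may carry leading/trailing spaces
    const scopes = (g.scope || "").split(/\s+/).filter(Boolean);
    if (g.consentType === "AllPrincipals") {
      scopes.forEach((s) => tenantWide.add(s)); // admin consent for every user
    } else if (g.consentType === "Principal" && g.principalId === userId) {
      scopes.forEach((s) => userOnly.add(s)); // consent covers this user only
    }
  }
  const result = { tenantWide: [], userOnly: [], missing: [] };
  for (const s of requiredScopes) {
    if (tenantWide.has(s)) result.tenantWide.push(s);
    else if (userOnly.has(s)) result.userOnly.push(s);
    else result.missing.push(s); // this user would be prompted or denied
  }
  return result;
}

// Constructed sample: one per-user consent, one partial tenant-wide consent,
// and a tenant-wide consent that belongs to a different app.
const SAMPLE_GRANTS = [
  { clientId: "sp-viewer", consentType: "Principal", principalId: "user-admin",
    resourceId: "sp-powerbi", scope: "Report.Read.All Dashboard.Read.All" },
  { clientId: "sp-viewer", consentType: "AllPrincipals", principalId: null,
    resourceId: "sp-powerbi", scope: " Report.Read.All" },
  { clientId: "sp-other", consentType: "AllPrincipals", principalId: null,
    resourceId: "sp-powerbi", scope: "Dashboard.Read.All Workspace.Read.All" },
];
// Assumption: the scopes this deployment needs; adjust to the app's registration.
const REQUIRED = ["Report.Read.All", "Dashboard.Read.All", "Workspace.Read.All"];

function demo(userId) {
  return consentCoverage(SAMPLE_GRANTS, "sp-viewer", REQUIRED, userId);
}

console.log(demo("user-test"));
```

Any scope reported under `missing` or `userOnly` for an ordinary user means the admin consent did not cover it tenant-wide. Consent is separate from Power BI workspace access, which still has to be granted to the user.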