Tutorials
Step-by-step guidance through DataCentral
Last updated
Step-by-step guidance through DataCentral
Last updated
Below are tutorials designed to simplify understanding of DataCentral, guiding you through the process of getting started with DataCentral and sharing information with diverse audiences.
Under each tutorial, you will find an overview of its content and the prerequisites necessary for completing it.
List of tutorials:
Use Azure AD authentication to explore the basics of DataCentral. A free tenant is provided for testing, requiring no configurations or installations. The tenant will use the common endpoint for Power BI, with only internal AD sharing available. If you want to try external Azure AD sharing, see this .
Content of tutorial:
Azure AD user account
Power BI Pro license
Admin member on Workspace in Power BI
An email confirmation link from signing up to Free-Tutorial, will redirect you to your assigned DataCentral Tenant. The next step is to authenticate using your Azure AD credentials.
Upon logging in, you will see the home page with the navigation bar on the left. The home page will display the report of your choice, pinned for your users in the Tenant.
Navigation bar:
Home:
A pinned report of your choice for users in current Tenant.
Users will have the option to pin their favorite report to the home page.
Administration:
Users: Add new user to your Tenant
Power BI Items: Add a report or app from your Power BI environment
Languages: Changing the default language of your Tenant
Under 'Administration -> Power BI Items' or by clicking on 'Go to reports' you can manage which Power BI Items are added to your Tenant. Within 'Power BI Items' menu you can click on 'Manage Workspaces' in the top right corner.
The menu will display all the workspaces where you are an admin in Power BI Service. Choose a workspace from which you want to embed a report into your Tenant, and click 'Save'.
Now, you can click '+ Add new item' and perform three operations:
Link Report: Embed report of your choice from workspace to Tenant
Link App: Embed app of your choice from workspace to Tenant
Upload Report: Upload .pbix file to your workspace from your Tenant
In this tutorial, we will 'Link report' Choose the workspace from which you want to embed the report and locate the report.
You can now enter additional information about the report. Once you have provided all the necessary details, click 'Save'.
The report from your workspace has now been embedded into your tenant. Repeat this process if you want to add more reports or apps.
Easily share report or app that you have added to your Tenant with internal Azure AD colleagues. Depending on the roles you assign to your users, they can access different reports available within the Tenant.
Pre-requirements for internal AAD.
Azure AD account
Power BI Pro license (if workspace is not on a dedicated capacity)
Azure AD is at least 'Viewer' member on Workspace(s) that report / app is embedded from
Go to 'Administration -> Users' to manage users added to your tenant. Begin by clicking on '+ Create new user' in the top right corner.
Enter the email address of the Azure AD user you intend to add, then navigate to 'Roles'.
Keep in mind that the roles you assign to your users determine which items they can access within the Tenant. In this case, assign the "User" role to the Azure AD user. Then click 'Save'.
An internal Azure AD authenticates to the Tenant and can view only the item(s) assigned the 'User' role.
Configure your Tenant with your organizational Azure Tenant ID. This will enable your users to authenticate against your Power BI environment and access reports in workspaces with the appropriate permissions.
Content of tutorial:
DataCentral Pro
Azure Tenant ID
Azure AD user account
Admin member on Workspace in Power BI
Power BI Pro license
Go to your DataCentral Tenant and authenticate using your Azure AD credentials.
Under 'Administration -> Settings', navigate to 'Azure Configurations' where you can add your Azure Tenant ID, enabling users to authenticate to your Power BI environment. Click 'Save'.
With the Azure Tenant ID configured, you can add and share reports or apps within your Tenant with external Azure AD. Depending on the roles assigned to your users, they can access different subsets of reports available within the Tenant.
Pre-requirements for external Azure AD.
Azure AD account
Power BI Pro license (if workspace is not on a dedicated capacity)
Azure AD is at least 'Viewer' member on Workspace that report or app is embedded from
Go to 'Administration -> Users' to manage the users in your Tenant. Start by clicking on '+ Create new user' in the top right corner.
Enter the email address of the external Azure AD user you intend to add, then navigate to 'Roles'.
Keep in mind that the roles you assign to your users determine which items they can access within the Tenant. In this case, assign the 'User' role to the Azure AD user. Then click 'Save'.
Now, you will see that the external Azure AD user has been added to the tenant. They will be able to authenticate to the Tenant and access the report or app.
The first time the external Azure AD user authenticates to your Tenant, they will be prompted with this window and will need to accept. This is the minimum privilege Microsoft Authenticator needs to verify the identity of the user signing in.
Here, the external Azure AD user has authenticated to the Tenant and can see the respective reports or apps assigned to their Role.
Content of tutorial:
DataCentral Pro
Azure Tenant ID
Azure AD user account
Workspace on a Dedicated Capacity
After creating your Power BI Service Principal, collect these values from the Azure Portal to complete this step-by-step tutorial.
Directory (tenant) ID
Application (client) ID
Client Secret
Go to your DataCentral Tenant and authenticate using your Azure AD credentials.
Under 'Administration -> Settings', navigate to 'Azure Configurations' where you can add your Power BI Service Principal.
Optionally, you can select the 'Only use Service Principal to manage items and workspaces in tenant' checkbox to restrict embedding in your Power BI environment to only the Service Principal(s). In this case, your and other admin Azure AD accounts will not be able to embed reports or apps.
Go to 'Administration -> Power BI Items' where you manage which Power BI Items are added to your Tenant. Within 'Power BI Items' menu you can click on 'Manage Workspaces' in the top right corner.
If you checked the box 'Only use Service Principal to manage items and workspaces in tenant' in Azure Configurations then you will only see workspaces your Service Principal has access to. If the box is unchecked the normal workspace management will occur through your Azure AD user.
Choose a report that you want to share with users who don't have a Power BI Pro license. Then click 'Save'.
Go to 'Administration -> Users' to manage the users in your tenant. Start by clicking on '+ Create new user' in the top right corner.
Add three user types and make sure that they have correct role to see the report within Tenant:
Azure AD
User Pass
Mobile ID
After creating all three user types, allow them to authenticate to your DataCentral tenant and observe how they can view reports within their role scopes.
Content of tutorial:
DataCentral Pro
Azure Tenant ID
Azure AD user account
Power BI Service Principal
Workspace on a Dedicated Capacity
In Power BI Desktop, go to Manage Roles and create specific roles that filter particular table based on the selected role. In this example, five roles have been created: AdminRLS, APAC, EMEA, LATAM, and NA. These roles filter the data model to specific country groupings (AdminRLS has access to all country groupings).
After publishing the report to a workspace of your choice, your RLS dataset should include these defined roles.
In your DataCentral Tenant go to 'Administration -> Power BI Items' and add the Row-Level Security Report to your Tenant.
Go to 'Administration -> Users' and add or edit the current user who will be using your Power BI Service Principal to embed the report. This can be an Azure AD account, a User Pass, or a Mobile ID.
The same process for using 'Role Codes' applies to all user types. In this example, Mobile ID is used.
The user should have specific roles assigned to them, which the Power BI Service Principal will use to ensure the security with the dataset and visibility of the report.
The chosen user authenticates to your DataCentral tenant, embeds the report, and only receives the data they are authorized to access. In this case, the data is limited to APAC and EMEA.
If we edit the user's roles and assign them the AdminRLS role, they will be able to see all country groupings as configured within the data model for that role.
The user can now refresh their browser, and they will receive all the data because they are in the 'AdminRLS' Role.
In Power BI Desktop, navigate to 'Manage Roles' and create a specific role that filters particular tables based on the user embedding the report. In this example, a dynamic role is created, and logic around the UserPrincipalName() function is used to filter the data.
After publishing the report to a workspace of your choice, your RLS dataset should include the defined role.
In your DataCentral Tenant go to 'Administration -> Power BI Items' and add the RLS Report to your Tenant.
Go to 'Administration -> Users' and add or edit the current user who will be using your Power BI Service Principal to embed the report. This can be an Azure AD account, a User Pass, or a Mobile ID.
The same process for using 'Dynamic RLS' applies to all user types. In this example, Mobile ID is used.
The user should have the role assigned to them, which the Power BI Service Principal will use to ensure the security with the dataset and visibility of the report.
The selected user authenticates to your DataCentral tenant, embeds the report, and only receives the data they are authorized to access based on the DAX definition within the DynamicRLS role.
If another Mobile ID user is given access to this report, they will receive a different set of data based on the DynamicRLS, which is determined by their UserPrincipalName() and DAX logic.
To see more about Workspace Management click .
Optionally, you can set 'Internal Domains' to distinguish internal AD from external AD within your tenant. You will need to manually add the external Azure AD as a guest in your Azure Portal so they are able to authenticate to your Azure Tenant ID. If you want to automate this process, implement the Graph Service Principal. Click to learn more.
Important: You will need to manually add the external Azure AD as a guest in your Azure Portal so they are able to authenticate to your Azure Tenant ID if a has not been configured.
This will allow your Azure AD users to embed reports without needing Power BI Pro license, and it will unlock new user types, such as User Pass and Mobile ID, that can embed through your Service Principal. Additionally, certain are now available within your Tenant.
Click to go through the step-by-step guide to create your own Power BI Service Principal.
The ability and benefits of using can be highly valuable. You would then also complete the setup for Power BI Service Principals 2 and 3, and enable them.
Now you are able to share reports or apps, and enable certain features on reports with the Power BI Service Principal. To see the full list of features that can be used click .
Enforcing row-level security (RLS) in your data models can simplify data management by allowing one model to serve multiple purposes, eliminating the need for duplicating models and adding unnecessary complexity. Here are two methods for implementing row-level security using your for your users.
Creating specific Role Codes, which are passed along with the Power BI Service Principal to the RLS Dataset.
Creating a role in Power BI Desktop using the UserPrincipalName() function that plays a crucial role in dynamic row-level security.
It is important to have already created the roles under 'Administration -> Roles'. Click to read more about Role Management.
If you have for example +10 Role Codes and don't want to create all those roles in Power BI Desktop you would benefit using .
It is important to have already created the role that you defined in the Dataset under 'Administration -> Roles'. Click to read more about Role Management.