Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!
PBI sessions are initiated with a O365 account of the user who start powerbi.com, which is 'the same' account as on premise. The stored gateway datasource credentials are then used to connect to the SSAS server. Am I right so far?
But I guess the SSAS engine still retrives the original user account to check if this enduser is part of a read role in the SSAS model and to be used in DAX for RLS, etc..
How does this work? And in which stage the user credentials are passed to the model? Where can I find more detailed information on this topic?
I use Extended Events sessions on premise SSAS server to audit detailed information on sessions, logins, logouts and queries but most of the time I see the stored gatawaydatasourcecredentials rather than the enduser which is querying the models.
Solved! Go to Solution.
@detlev,
Do you connect to SSAS in Power BI using a "Connect Live" mode?
Dynamic RLS only works with live connection, and in this case, Power BI uses the effectiveusername property to send the current Power BI user credential to the on-premises SSAS data source to run the queries. The email address that used to sign in Power BI with is passed to Analysis Services as the effective user. You can use SQL Profiler to capture the background process.
Reference:
https://docs.microsoft.com/en-us/power-bi/desktop-tutorial-row-level-security-onprem-ssas-tabular
Regards,
Lydia
@detlev,
Do you connect to SSAS in Power BI using a "Connect Live" mode?
Dynamic RLS only works with live connection, and in this case, Power BI uses the effectiveusername property to send the current Power BI user credential to the on-premises SSAS data source to run the queries. The email address that used to sign in Power BI with is passed to Analysis Services as the effective user. You can use SQL Profiler to capture the background process.
Reference:
https://docs.microsoft.com/en-us/power-bi/desktop-tutorial-row-level-security-onprem-ssas-tabular
Regards,
Lydia