I found out, too late of course, that if you change Data source authentication method to oAuth2 for Paginated Reports Data Source and the Data Source is type AAS, then you can't go back to SSO.
The data sources default to using single sign-on (SSO), where applicable. For Azure Analysis Services, you can change the authentication type to OAuth2. However, once the authentication type for a given data source is changed to OAuth2, it can't revert back to use SSO. In addition, this change applies to all the reports that use that data source across all workspaces for a given tenant. Row-level security in paginated reports won't work unless users choose SSO for authentication type.
So when I remove the report from workspace and re-deploy it, it still uses the oAuth2. Also it doesn't help if I change workspace as the setting is Tenant wide. So is my only options really to deploy AAS model to a new server? Seems unbelieveble that this kind of tenant level decision is possible and it can't be reverted. We have lost RLS functionality from Paginated Reports because of this.