Solved: Analysis Services (Jet Reports OLAP) + Role manage...

Anonymous · ‎10-19-2017

Hi 🙂

I've installed the Enterprise Gateway and I can refresh from app.powerbi.com.

I've managed the role and permissions from the JetDataManager (Olap Cubes) and when I execute PowerBI Desktop with a user who doesn't have all the access, everything it's working.

But when I publish the report, this same user has all permissions 😕

In my AD, my local user @domain.local has @domain.com (same UPN)

What should I do ?

Thanks in advance

Best regards,

Matthieu

Anonymous · ‎11-20-2017

@v-jiascu-msft

Hi Dale,

Thanks again for your replies.

I tried several things, but I think my final solution is to rename the Source in PowerBI Desktop.

Both sources (Desktop / Gateway) were on the same serveur / database, but one was named "Cubes Olap" and the other "Olap".

It works now. Thanks again.

Best regards,

Matt

View solution in original post

v-jiascu-msft · ‎10-19-2017

@Anonymous,

Hi Matthieu,

It seems that your server allowed the access that was unauthorized. So you should restrict it from the server side.

If you only want to restrict the access of a Power BI dataset, you can try RLS. Reference: powerbi-admin-rls.

Best Regards!

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Anonymous · ‎10-23-2017

@v-jiascu-msft

Hi Dale,

I do a little schema to explain my problem:

My Enterprise Gateway is configured with User 1.

I tried to map :

user2@company.com to user2@company.local

and I tried again user2@company.com to company\user2

But my Gateway works with my AD Configuration, the email is in the AD card and I don't have to map for the USER 1, so I think I have not to map username.

Thanks in advance

Best regards,

Matthieu

v-jiascu-msft · ‎10-23-2017

@Anonymous,

Hi Matthieu,

I thought it was a Service from a party outside of Microsoft. Let's talk about some simple explanations first.

>>>The email address, that you sign into Power BI with, is what we will pass to Analysis Services as the effective user.

1. If your SSAS server is in a domain company.local, you could grant access to user1@company.local, user2@company.local.

2. If you log in Power BI Service with the same address like user1@company.local, you don't need to map users.

3. If you log in PBI Service with user1@company.com, you need to map users. And you need to map a user to a proper user in order to get the proper access.

Question: 1. Can you make it more clear what the type of connection is? Live or import?

2. How did you map the users?

Reference: https://powerbi.microsoft.com/en-us/documentation/powerbi-gateway-enterprise-manage-ssas/#map-user-names

Best Regards!

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Anonymous · ‎10-28-2017

@v-jiascu-msft

Hi Dale,

Thanks for your reply and sorry for the delay, I was at clients this week.

Question 1 : connection live or import

It's an import connection, but I tried with both, a report with live, a report with import, and I shared it to my test account with configured rights.

Same in both cases, I can see everything with this account.

Question 2 : users "mapping"

I have a local user which has the complete email as upn : user1@company.com

But.. in doubt I tried to map from PowerBI gateway online tool :

user1@company.com to company\user1

And i tried too

user1@company.com to user1@company.local

And too

User 1 to user1@company.local and company\user1

Still "nothing" because I can see everything..

Thanks in advance for ur help.

Best regards,

Matt

Anonymous · ‎11-20-2017

@v-jiascu-msft

Hi Dale,

Thanks again for your replies.

I tried several things, but I think my final solution is to rename the Source in PowerBI Desktop.

Both sources (Desktop / Gateway) were on the same serveur / database, but one was named "Cubes Olap" and the other "Olap".

It works now. Thanks again.

Best regards,

Matt

v-jiascu-msft · ‎11-20-2017

@Anonymous

Hi Matt,

Thank you very much for sharing. I will try your solution later.

Best Regards!

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.