Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
We have various Reports published via Apps all linked by live connection to an Azure SSAS cube.
Is it possible to grant users access to the App without having to also grant them individual access to the underlying cube? I was hoping the App might have some identity in Azure AD we could use to grant the App itself access to the cube.
The problem is that by granting the user access to the cube, as well as using the App, they can also then use Excel or any other tool to access the cube directly.
There is no gateway as the the Power BI reports published in the Service have a live connection to our Azure Analysis Service tabular models.
Could see how UPN mapping would sort out our problem, but presuambly Dynamic Row-Level Security is going to stop working without access to the actual user ID from the DAX USERPRINCIPALNAME function?
Well it would work, but as I said, we are using Azure based Analaysis Services, hence no gateway, and therefore no UPN mapping.
Hi @Anonymous
If you are using RLS you would always need to store the UPN so that it will then be transferred to AAS so they could be authenticated and then have the RLS applied.
I think you have confirmed what I thought, that users accessing a Power BI report/app connected live to an Azure tabular model where no gateway is involved (everything is happening in Azure), have to be granted access to the tabular model as well as the app.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.