cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

Honour Row-Level Security with XMLA Endpoints

 

Is it currently possible to honour row-level security with the XMLA endpoint, we're pulling data to present to end users but the cubes require the effective username to be supplied, trying the ChangeEffectiveUser(.. call returns the following error

 

"value of the 'EffectiveUserName' XML for Analysis property is not valid."

 

The documents here implies that it's not possible to provide the effectiveUser.. 

 

"Operations that require Analysis Services server admin permissions (rather than database admin) such as server-level traces and user impersonation using the EffectiveUserName connection-string property are not supported in Power BI Premium at this time."

 

Is this true? If so is it likely to change soon?

Cheers,
Ears.

6 REPLIES 6
GilbertQ
Super User
Super User

Hi @Anonymous 

 

I would test connecting directly to make sure it works and is configured as expected.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Anonymous
Not applicable

Hi @GilbertQ ,

Did you have any more thoughts on this, is this something you have experience of?

 

I could really do with an answer!

Many thanks in advance..

Ears.

GilbertQ
Super User
Super User

Hi @Anonymous 

 

I would then suggest to be able to pass through the UPN to to PBI Premium to allow the RLS to function.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Anonymous
Not applicable

We've tried passing the UPN by using "ChangeEffectiveUser" but we're getting the error (mentioned in my first post)

 

Value of the 'EffectiveUserName' XML for Analysis property is not valid.

 

It does mention in the link provided that it isnt' support ".. in Power BI Premium at this time"

 

Is this the case?

 

Cheers,

Ears

GilbertQ
Super User
Super User

Hi @Anonymous 

 

What are you trying to do with the XMLA end point?

 

You would need to log into the XMLA end point, and as long as you are in a defined role with the correct permissions you should be able to query the cube.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Anonymous
Not applicable

Hi @GilbertQ 

Cheers for your response.

 

We're calling the XMLA Endpoint in Power Bi Premium with a service principal from an AppService in Azure - It's a intranet application we have the users UPN in context of each call we just return data to the front-end web application.  (that's all working correctly)

 

We have a seperate system that manages the RLS , but for it to function we need to include the UPN in the request , when we try including the user UPN  we got the, perviously mentioned, error! 

Looking at the documentation it seems that we should be able to use the EffectiveUserName element.

 

I'm reading conflicting information; it should work if we grant the principal server rights, or; it's not supported in PBI Premium - 

Any ideas?

 

Cheers,Ears.

Helpful resources

Announcements
Power BI December 2021 Update_carousel 768x460.jpg

Check it Out!

Click here to read more about the December 2021 Updates!

Jan 2022 Dev Camp 768x460 copy.png

Power BI Dev Camp- January 27th, 2022

Mark your calendars and join us for our next Power BI Dev Camp!

UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!