Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
jyuan
Frequent Visitor

On-Prem SSAS tabular model row level security with Azure AD only accounts

‎02-11-2020 11:33 AM

Is it possible to set up dynamic row level security on on-prem SSAS tabular models with Azure AD accounts not synced to on-prem AD? If so, how to set it up? Users will consume the tabular model data through Power BI reports with on-prem SSAS tabular model as data source.

Labels:
Message 1 of 3
1,090 Views
0
2 REPLIES 2
v-alq-msft
Community Support
Community Support

‎02-11-2020 11:06 PM

Hi, @jyuan 

 

If you have an Analysis Services data source, you need to install the gateway on a computer joined to the same forest/domain as your Analysis Services server. 

 

Each time a user interacts with a report connected to Analysis Services, the effective user name is passed to the gateway and then passed on to your on-premises Analysis Services server. The email address that you use to sign in to Power BI is passed to Analysis Services as the effective user. It's passed in the connection property EffectiveUserName.

 

The email address must match a defined user principal name (UPN) within the local Active Directory domain. The UPN is a property of an Active Directory account. The Windows account must be present in an Analysis Services role. If a match can't be found in Active Directory, the sign-in isn't successful. 

 

You may use mapping user names for Analysis Services data sources in different ways:

  • Manual user remapping
  • On-premises Active Directory property lookup to remap Azure AD UPNs to Active Directory users (Active Directory lookup mapping)

 

For further information, please refer to the following link. It may help.

https://docs.microsoft.com/en-us/power-bi/service-gateway-enterprise-manage-ssas#map-user-names-for-...

 

Best Regards

Allan

 

If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Message 3 of 3
1,058 Views
0
GilbertQ
Super User
Super User

‎02-11-2020 02:42 PM
Hi there

As far as I know you would need to then manually map the UPN (From the Power BI Service) to the local Domain accounts.

This can be done in the Gateway Data Source settings, under Users, then Map Users. It is a manual process though.




Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 2 of 3
1,070 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All