Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.
Just to be clear, I found the following link that says SQL Server *is* supported for Kerberos constrained delegation:
https://docs.microsoft.com/en-us/power-bi/service-gateway-sso-kerberos
... but it sounds like you are telling me that doesn't refer to SSAS MD, but is only referring to the SQL relational database? Am I getting that right?
Why was SSAS MD excluded from this feature? We've been using Kerberos delegation to query our OLAP MD cubes for many, many years (eg. from Excel Services in Sharepoint). I would have thought this would be just as easy to support this feature for SSAS MD as it is for the SQL relational database.
I'm not crazy about the requirement of sharing the SSAS Server Admin credentials out to people who are developing Power BI reports and dashboards. If they don't need it to create an Excel workbook, they shouldn't need it to create a Power BI report.
I am new to Power BI. Is this going to be a regular theme? Will it typically require granting super-user credentials to any data sources that are used? So far I've only played with connecting to SSAS MD via the gateway.
>> You have to remember that in order to connect to an SSAS Instance be that MD or Tabular it has to first authenticate with an Admin Account.
I remember this very well and it is my main complaint. A team responsible for building reports shouldn't have to have the server-admin credentials to the entire SSAS instance. That seems totally silly, considering that the BI reports themselves don't require that level of authorization.
Now that other data sources are capable of using normal Kerberos KCD, it is unfortunate that SSAS MD is left out in the cold.
I will test the "effective user" behavior and see if it will work for us in our environment. After reading over the available docs, they don't make me very optimistic (ie. UPN's needing to match email addresses, user-mapping needs to be done manually in some cases, etc).
>> With regards to SSAS MD due to it being an older technology it was not built for the cloud,
OK, let me ask what is older SQL relational databases, or SQL analysis services? Both of these are very mature and if they are supporting SSO with with SQL relational databases, they should do it with SSAS MD too. We've been using Kerberos KCD on-prem with SSAS for many years. It seems unfortunate that Microsoft wouldn't get the Power BI service to do Kerberos KCD with SSAS, the same as they do for SQL relational databases.
Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City
Check out the April 2024 Power BI update to learn about new features.