We have a PowerBI dataset configured with row level security. This implementation is working as designed for all by one user. If we impersonate this user (in the local desktop or the online service) the security roles are applied and data is filter as expected, but when the user actually logs in directly, the reports do not render any data. The roles are defined to use the logged in users USERNAME() and matching that to their AAD UPN (AAD is a dataset in the PBI model).   Does anyone have any ideas on what could cause this behavior for a single user when logged in directly, but not as part of impersonnation (which shows the logic is sound)?