Reply
avatar user
Anonymous
Not applicable

Honour Row-Level Security with XMLA Endpoints

 

Is it currently possible to honour row-level security with the XMLA endpoint, we're pulling data to present to end users but the cubes require the effective username to be supplied, trying the ChangeEffectiveUser(.. call returns the following error

 

"value of the 'EffectiveUserName' XML for Analysis property is not valid."

 

The documents here implies that it's not possible to provide the effectiveUser.. 

 

"Operations that require Analysis Services server admin permissions (rather than database admin) such as server-level traces and user impersonation using the EffectiveUserName connection-string property are not supported in Power BI Premium at this time."

 

Is this true? If so is it likely to change soon?

Cheers,
Ears.

6 REPLIES 6
GilbertQ
Super User
Super User

Hi @Anonymous 

 

I would test connecting directly to make sure it works and is configured as expected.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

avatar user
Anonymous
Not applicable

Hi @GilbertQ ,

Did you have any more thoughts on this, is this something you have experience of?

 

I could really do with an answer!

Many thanks in advance..

Ears.

GilbertQ
Super User
Super User

Hi @Anonymous 

 

I would then suggest to be able to pass through the UPN to to PBI Premium to allow the RLS to function.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

avatar user
Anonymous
Not applicable

We've tried passing the UPN by using "ChangeEffectiveUser" but we're getting the error (mentioned in my first post)

 

Value of the 'EffectiveUserName' XML for Analysis property is not valid.

 

It does mention in the link provided that it isnt' support ".. in Power BI Premium at this time"

 

Is this the case?

 

Cheers,

Ears

GilbertQ
Super User
Super User

Hi @Anonymous 

 

What are you trying to do with the XMLA end point?

 

You would need to log into the XMLA end point, and as long as you are in a defined role with the correct permissions you should be able to query the cube.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

avatar user
Anonymous
Not applicable

Hi @GilbertQ 

Cheers for your response.

 

We're calling the XMLA Endpoint in Power Bi Premium with a service principal from an AppService in Azure - It's a intranet application we have the users UPN in context of each call we just return data to the front-end web application.  (that's all working correctly)

 

We have a seperate system that manages the RLS , but for it to function we need to include the UPN in the request , when we try including the user UPN  we got the, perviously mentioned, error! 

Looking at the documentation it seems that we should be able to use the EffectiveUserName element.

 

I'm reading conflicting information; it should work if we grant the principal server rights, or; it's not supported in PBI Premium - 

Any ideas?

 

Cheers,Ears.

avatar user

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Jan25PBI_Carousel

Power BI Monthly Update - January 2025

Check out the January 2025 Power BI update to learn about new features in Reporting, Modeling, and Data Connectivity.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

Top Solution Authors (Last Month)
Top Kudoed Authors (Last Month)