Reports using Live Connection with Analysis Services do not load
When using Analysis Services and implementing an RLS (Row-Level Security) rule, it is common to face the challenge of having to map users individually in Power BI.
If you do not perform this mapping, you will see the following error message in Power BI when trying to access a report connected to Analysis Services (SSAS):
This process becomes even more complex when there are multiple cubes, requiring repetitive configuration for each cube, which can be both laborious and error-prone.
To access a report that uses Analysis Services in the Power BI service, you must configure a user mapping, providing the Entra ID user ([email protected]) and the Windows Active Directory user (DOMAIN\user) for each user and each cube you want to access.
If you have 100 users and 20 cubes, you will need to create 2,000 mappings! And there is no Power BI API to automate this.
Power Embedded always innovating
To improve the experience for our users, Power Embedded is introducing significant improvements to simplify this configuration.
On the user creation/editing screen, you can enter the Windows Active Directory (AD) username for this user.
When accessing a report that uses a data source of type "AnalysisServices", Power Embedded will provide this Windows AD user, eliminating the need to manually configure the user mapping in the Power BI service for each user/cube.
With this new feature, once the "Windows AD User" field is filled in, Power Embedded automatically applies this configuration to all accessible cubes for this user, significantly reducing the complexity and effort required to maintain data security.
This process only affects report viewing through Power Embedded. If you try to view directly through the Power BI service, you will still need to configure the mapping for each user, in each cube, to be able to view the reports.
Although Power BI does not have an API to automate this user mapping, Power Embedded has an API where you can automate user registration/modification and provide the value of this field.
These improvements not only optimize security administration, but also reduce the workload associated with configuring and maintaining RLS in complex and large-scale environments, providing more efficient data management that is less prone to errors.
Note: This feature takes priority over the user pinning configuration per company in the Data Sources registration. With this field filled in, the system will use this value in the user's AD mapping and ignore the user pinning configuration.
Adding Administrator permission to the Gateway
For Power Embedded to implement row-level security (RLS) in the cubes that use this Gateway, it is necessary to grant Administrator permission to the application user (PowerEmbedded-App) on the Gateway through the Power BI Service.
Access the Manage connections and gateways screen and click the Manage on-premises data gateways option.
Now click on the three ellipses (...) next to the gateway for which you want to grant permission and select the Manage Users option.
On the user management screen, search for the name of the application you are using in Power Embedded (the default name is PowerEmbedded-App), check the Administrator permission, and click the Share button.
Now repeat this process for all gateways you need to manage and access data through Power Embedded, especially if you plan to use a connection with Analysis Services (SSAS).
IMPORTANT: It is not necessary to change the permissions on the data sources, since the Power Embedded user already has administrator permission on the Gateway.
This greatly reduces the effort of having to configure these permissions in each data source, since the number of data sources is much greater than the number of gateways.
Last updated