# Reports using Live Connection with Analysis Services do not load

When using Analysis Services and implementing an RLS (Row-Level Security) rule, it is common to face the challenge of having to map users individually in Power BI.

<figure><img src="/files/rxaU3uaesg3nkbtRK3J8" alt=""><figcaption><p>Mapping you need to do for each user, in each SSAS cube</p></figcaption></figure>

If you do not perform this mapping, you will see the following error message in Power BI when trying to access a report connected to Analysis Services (SSAS):

<figure><img src="/files/HBUrWPTeHuvbPWdXUfGq" alt=""><figcaption></figcaption></figure>

This process becomes even more complex when there are multiple cubes, requiring repetitive configuration for each cube, which can be both laborious and error-prone.

To access a report that uses Analysis Services in the Power BI service, you must configure a user mapping, providing the Entra ID user (<user@domain.com>) and the Windows Active Directory user (DOMAIN\user) for each user and each cube you want to access.

If you have 100 users and 20 cubes, you will need to create 2,000 mappings! And there is no Power BI API to automate this.

### Power Embedded always innovating

To improve the experience for our users, Power Embedded is introducing significant improvements to simplify this configuration.

On the user creation/editing screen, you can enter the Windows Active Directory (AD) username for this user.

<figure><img src="/files/vMYhYrBQ9ewwXsqELukk" alt=""><figcaption></figcaption></figure>

When accessing a report that uses a data source of type "AnalysisServices", Power Embedded will provide this Windows AD user, eliminating the need to manually configure the user mapping in the Power BI service for each user/cube.

With this new feature, once the "Windows AD User" field is filled in, Power Embedded automatically applies this configuration to all accessible cubes for this user, significantly reducing the complexity and effort required to maintain data security.

{% hint style="info" %}
This process only affects report viewing through Power Embedded. If you try to view directly through the Power BI service, you will still need to configure the mapping for each user, in each cube, to be able to view the reports.
{% endhint %}

Although Power BI does not have an API to automate this user mapping, Power Embedded has [an API](https://api.powerembedded.com.br/) where you can automate user registration/modification and provide the value of this field.

These improvements not only optimize security administration, but also reduce the workload associated with configuring and maintaining RLS in complex and large-scale environments, providing more efficient data management that is less prone to errors.

{% hint style="warning" %}
**Note:** This feature takes priority over the user pinning configuration per company in the [Data Sources](https://docs.powerembedded.com.br/administracao/artefatos/fontes-de-dados) registration. With this field filled in, the system will use this value in the user's AD mapping and ignore the user pinning configuration.
{% endhint %}

### Adding Administrator permission to the Gateway

For Power Embedded to implement row-level security (RLS) in the cubes that use this Gateway, it is necessary to grant Administrator permission to the application user (PowerEmbedded-App) on the Gateway through the Power BI Service.

Access the [Manage connections and gateways](https://app.powerbi.com/groups/me/gateways) screen and click the ***Manage on-premises data gateways*** option.

<figure><img src="/files/H4UPtDMKF3CkavQ77p0U" alt=""><figcaption></figcaption></figure>

Now click on the three ellipses (...) next to the gateway for which you want to grant permission and select the Manage Users option.

<figure><img src="/files/NwiHa9evOjBzJxGrp2ZI" alt=""><figcaption></figcaption></figure>

On the user management screen, search for the name of the application you are using in Power Embedded (the default name is *PowerEmbedded-App*), check the Administrator permission, and click the **Share** button.

<figure><img src="/files/3SI5h7omz3938dT7iX7l" alt=""><figcaption></figcaption></figure>

Now repeat this process for all gateways you need to manage and access data through Power Embedded, **especially if you plan to use a connection with Analysis Services (SSAS).**

{% hint style="warning" %}
**IMPORTANT:** It is not necessary to change the permissions on the data sources, since the Power Embedded user already has administrator permission on the Gateway.

This greatly reduces the effort of having to configure these permissions in each data source, since the number of data sources is much greater than the number of gateways.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.powerembedded.com.br/en/reports-portal/most-common-issues/reports-using-live-connection-with-analysis-services-dont-load.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.