Similar to this question.
I have a .Net Core Web App that embeds a PowerBI report, this report needs has Row Level Security applied at the data level in Azure Analysis Services using an on-premises data gateway.
I have configured the EffectiveIdentity to pass through the UPN using the CustomData option, I have also setup a role and DAX query on the role to filter the rows.
I have also setup the SQL Server Profiler as per this post and can confirm that the values being set inside CustomData are being passed through to Analysis services.
In the non-Azure version of Analysis Services, you can configure the data gateway inside the PowerBI web portal to [map usernames](https://learn.microsoft.com/en-us/power-bi/service-gateway-enterprise-manage-ssas#map-user-names. Since someone else setup the gateway (in Azure), and Azure Analysis Services is not a supported Data Source Type (not an option in the dropdown). I need to know if it is possible to view/change the Effective User names/CustomData setting.
So I finally figured this out, as far as I can tell UPN mapping is enabled by default.
In my specific case I ended up using the CustomData option as per the docs. Initially this wasn't behaving as expected because on my Azure Analysis Services Database I had two row filters, one on the main data table that was comparing the user's email against the USERPRINCIPAL() DAX function, then the filter that I added against the user table comparing the user's email against CUSTOMDATA() DAX function.
To get this to work I ended up removing my own filter against the user table and replacing the use of the USERPRINCIPAL() function in the initial filter with CUSTOMDATA() - I verified this change with our BI guy and he was happy with it.
I hope this saves someone else the trouble I had.
