Microsoft Power BI XMLA Connection Details

Introduction

Connector Version

This documentation is based on version 25.0.9368 of the connector.

Get Started

Microsoft Power BI XMLA Version Support

The connector wraps the complexity of connecting to Microsoft Power BI XMLA in a standard driver: execute SQL-92 queries or pass through MDX queries from relational tools.

Establish a Connection

Connect to Microsoft Power BI XMLA

Establishing a connection to Microsoft Power BI XMLA involves three main steps:

1. Select the appropriate authentication method based on your environment.
2. Configure the required connection properties (such as tokens, secrets, or certificates).
3. Set the target Power BI workspace.

Important: Only workspaces that are hosted in a Power BI Premium capacity are supported.

If the workspace does not have Premium capacity, the connection will fail. To verify this in Power BI, open the workspace in your browser and look for a diamond icon next to the workspace name. This is a built-in indicator in the Power BI user interface that identifies workspaces backed by Premium capacity. If the icon is missing, the workspace is not compatible for XMLA connectivity. For more details, see Which Power BI license do I have?

Step 1: Selecting an Authentication Method

Set the AuthScheme property to select the authentication flow that matches your deployment scenario. Supported values include:

• Microsoft Entra ID – For interactive, user-based login flows.
  • Best suited for desktop applications, development environments, or scenarios where users authenticate through a browser.
  • Supports an embedded OAuth application for simplified setup. However, use a custom app instead if your organization requires advanced security policies or if you're deploying a web-based solution, which requires a registered redirect URI.
  • To register a custom OAuth application for this authentication method, see Creating an Entra ID (Microsoft Entra ID) Application.
• AzureServicePrincipal – For headless, service-to-service authentication using a client ID and secret.
  • Ideal for CI/CD pipelines, background services, and automated workflows.
  • Requires a custom OAuth application and securely stored client credentials.
  • To register a custom OAuth application and configure client credentials for this method, see Creating a Service Principal App in Entra ID.
• AzureServicePrincipalCert – For certificate-based authentication in secure or regulated environments.
  • Best for long-running jobs in security-sensitive environments with strict compliance requirements.
  • Requires a custom OAuth application and a valid client certificate.
  • To register a custom OAuth application and upload a client certificate, see Creating a Service Principal App in Entra ID.

Step 2: Configure Required Connection Properties

After setting AuthScheme, set the connection properties required for your selected authentication method. These properties allow the driver to authenticate securely and request access tokens from Microsoft Entra ID (formerly Microsoft Entra ID). The exact set of properties vary depending on whether you are using an embedded or custom OAuth application, and whether you're authenticating with user credentials, a client secret, or a certificate.

For a list of required permissions and endpoint domains, see OAuth Permissions and Endpoints.

Step 3: Set the Target Workspace

After authentication is configured, set the Workspace property to specify the Microsoft Power BI workspace you want to connect to. Only workspaces that are hosted in a Power BI Premium capacity are supported. If the workspace does not have Premium capacity, the connection will fail.

You can verify workspace capacity by opening the workspace in Power BI. Look for a diamond icon next to the workspace name. This indicates that the workspace is backed by Premium capacity.

For more details, see Which Power BI license do I have?

Important: If you are authenticating with a service principal, it must be assigned the Admin role in the target workspace. Viewer access is not sufficient for XMLA connectivity.

Entra ID (Microsoft Entra ID)

Microsoft Entra ID is a multi-tenant, cloud-based identity and access management platform. It supports OAuth-based authentication flows that enable the driver to access Microsoft Power BI XMLA endpoints securely.

Authentication to Entra ID via a web application always requires that you first create and register a custom OAuth application. This enables your application to define its own redirect URI, manage credential scope, and comply with organization-specific security policies.

For full instructions on how to create and register a custom OAuth application, see Creating an Entra ID (Microsoft Entra ID) Application.

After setting AuthScheme to Microsoft Entra ID, the steps to authenticate vary, depending on the environment. For details on how to connect from desktop applications, web-based workflows, or headless systems, see the following sections..

Desktop Applications

You can authenticate from a desktop application using either the driver's embedded OAuth application or a custom OAuth application registered in Microsoft Entra ID.

Option 1: Use the Embedded OAuth Application

This is a pre-registered application, included with the driver. It simplifies setup and eliminates the need to register your own credentials and is ideal for development environments, single-user tools, or any setup where quick and easy authentication is preferred.

Set the following connection properties:

• AuthScheme: Microsoft Entra ID
• InitiateOAuth:
  • GETANDREFRESH – Use for the initial login. Launches the login page and saves tokens.
  • REFRESH – Use this setting when you have already obtained valid access and refresh tokens. Reuses stored tokens without prompting the user again.

When you connect, the driver opens the Microsoft Entra sign-in page in your default browser. After signing in and granting access, the driver retrieves the access and refresh tokens and saves them to the path specified by OAuthSettingsLocation.

Option 2: Use a Custom OAuth Application

If your organization requires more control, such as managing security policies, redirect URIs, or application branding, you can instead register a custom OAuth application in Microsoft Entra ID and provide its values during connection.

During registration, record the following values:

• OAuthClientId: The client ID that was generated when you registered your custom OAuth application.
• OAuthClientSecret: The client secret that was that was generated when you registered your custom OAuth application.
• CallbackURL: A redirect URI you defined during application registration.

For full instructions on how to register a custom OAuth application and configure redirect URIs, see Creating an Entra ID (Microsoft Entra ID) Application.

Set the following connection properties:

• AuthScheme: Microsoft Entra ID
• InitiateOAuth:
  • GETANDREFRESH – Use for the initial login. Launches the login page and saves tokens.
  • REFRESH – Use this setting when you have already obtained valid access and refresh tokens. Reuses stored tokens without prompting the user again.
• OAuthClientId: The client ID that was generated when you registered your custom OAuth application.
• OAuthClientSecret: The client secret that was generated when you registered your custom OAuth application.
• CallbackURL: A redirect URI you defined during application registration.

After authentication, tokens are saved to OAuthSettingsLocation. These values persist across sessions and are used to automatically refresh the access token when it expires, so you don't need to log in again on future connections.

Microsoft Entra service principal

Service principals are security objects within a Microsoft Entra ID (Microsoft Entra ID) application that define what that application can do within a specific tenant. Service principals are created in the Entra admin center, also accessible through the Azure portal. As part of the creation process we also specify whether the service principal will access Entra resources via a client secret or a certificate.

Instead of being tied to a particular user, service principal permissions are based on the roles assigned to them. These roles determine which resources the application can access and which operations it can perform.

When authenticating using a service principal, you must register an application with an Entra tenant, as described in Creating a Service Principal App in Entra ID.

This subsection describes properties you must set before you can connect. These vary, depending on whether you will authenticate via a client secret or a certificate.

Authentication with Client Secret

• AuthScheme: AzureServicePrincipal.
• AzureTenant: The Microsoft Entra ID tenant to which you will connect.
• OAuthClientId: The client ID in your application settings.
• OAuthClientSecret: The client secret in your application settings.
• InitiateOAuth: GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

Authentication with Certificate

• AuthScheme: AzureServicePrincipalCert.
• AzureTenant: The Microsoft Entra ID tenant to which you will connect.
• OAuthClientId: The client ID in your application settings.
• OAuthJWTCert: The JWT Certificate store.
• OAuthJWTCertType: The JWT Certificate store type.
• InitiateOAuth: GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

Troubleshooting Connection Issues

For help with common errors and setup problems, see Connection Troubleshooting.

Create an Entra ID (Microsoft Entra ID) Application

Create an Entra ID (Microsoft Entra ID) Application

Microsoft Power BI XMLA supports OAuth-based authentication using Microsoft Entra ID. If you will connect via a web application and want to authenticate via Entra ID, you must first register a custom OAuth application in the Entra Admin Center, as described below.

If you will connect via a desktop application or headless machine, you can authenticate using Microsoft Power BI XMLA's built-in embedded application credentials, which use branding. However, custom OAuth applications are also compatible with desktop and headless authentication flows, and may be preferable for production deployments or environments requiring strict policy control.

Register the Application

To register an OAuth application in Microsoft Entra ID, follow these steps:

1. Go to https://portal.azure.com.

2. In the left-hand navigation pane, select Microsoft Entra ID > App registrations.

3. Click New registration.

4. Enter a name for the application.

5. Specify the types of accounts this application should support:

   • For private-use applications, select Accounts in this organization directory only.
   • For distributed applications, select one of the multi-tenant options.

   Note

   If you select Accounts in this organizational directory only, when you connect with Microsoft Power BI XMLA connector, you must set AzureTenant to the tenant's ID (either GUID or verified domain). Otherwise, authentication will fail.

6. Set the redirect URI to http://localhost:33333 (default), or use another URI appropriate for your deployment.

   When using a custom redirect URI set a CallbackURL connection property; in those cases, set it to match this URI exactly.

7. Click Register. The application management screen opens. Record these values for later use:

   • Application (client) ID is used for OAuthClientId
   • Directory (tenant) ID is used for AzureTenant

8. Go to Certificates & Secrets. Click New Client Secret, set the desired expiration, and save the generated value. This value will only be shown once — record it to use with OAuthClientSecret.

9. Navigate to API Permissions and select Power BI Service -> Application permissions -> Dataset.Read.All and Workspace.Read.All.

10. To confirm, click Add permissions.

Create a Service Principal App in Entra ID

Create a Service Principal App in Entra ID (Microsoft Entra ID)

Microsoft Power BI XMLA supports Service Principal-based authentication, which is role-based. This means that the Service Principal's permissions are determined by the roles assigned to it. The roles specify what resources the Service Principal can access and which operations it can perform.

If you want to use a Service Principal to authenticate to Microsoft Power BI XMLA, you must create a custom application in Microsoft Entra ID.

To enable Service Principal authentication:

• Confirm that you have permission to register applications and assign roles in your tenant.
• Register a new application and configure credentials and permissions in the Entra Admin Center.

Register the Application

1. Go to https://portal.azure.com.
2. In the left-hand navigation pane, select Microsoft Entra ID > App registrations.
3. Click New registration.
4. Enter a name for the application.
5. Select the desired tenant setup. Since this custom application is for Service Principal use, choose Any Microsoft Entra ID tenant – Multitenant.
6. Click Register. The application management screen opens. Note the value in Application (client) ID as the OAuthClientId and the Directory (tenant) ID as the AzureTenant
7. Navigate to Certificates & Secrets and define the application authentication type. Two types of authentication are available: certificate (recommended) or client secret
   • For certificate authentication: In Certificates & Secrets, select Upload certificate, then upload the certificate from your local machine. For more information on creating a self-signed certificate, see Create a self-signed certificate
   • For creating a new client secret: In Certificates & Secrets, select New Client Secret for the application and specify its duration. After the client secret is saved, Microsoft Power BI XMLA displays the key value. This value is displayed only once, so be sure to record it for future use. Use this value for the OAuthClientSecret
8. Navigate to Authentication and select the Access tokens option.
9. Navigate to API Permissions and select Power BI Service -> Application permissions -> Dataset.Read.All and Workspace.Read.All.
10. Save your changes.
11. If you specified permissions that require admin consent (such as the Application Permissions), you can grant them from the current tenant on the API Permissions page.

Grant Admin Consent

Some custom applications require administrative permissions to operate within a Microsoft Entra ID tenant. This is especially true for applications that use Application permissions, which allow the app to run without a signed-in user. Admin consent can be granted when creating a new application, by adding relevant permissions marked as "Admin Consent Required".

Admin consent is also required to use Client Credentials in the authentication flow.

These permissions must be granted by an admin. To grant admin consent:

1. Log in to https://portal.azure.com with an administrator account.
2. Navigate to Microsoft Entra ID > App registrations and select your registered application.
3. Navigate to API permissions.
4. Review the permissions listed under Application permissions. Ensure the necessary API scopes are included for your use case.
5. Click Grant admin consent to approve the requested permissions.

This gives your application permissions on the tenant under which it was created.

Consent for Client Credentials

OAuth supports the use of client credentials to authenticate. In a client credentials authentication flow, credentials are created for the authenticating application itself. The auth flow acts just like the usual auth flow, except that there is no prompt for an associated user to provide credentials. All tasks accepted by the application are executed outside of the context of a default user.

1. Log in to https://portal.azure.com
2. Create a custom OAuth application, as described above.
3. Navigate to App Registrations.
4. Find the application you just created, and open API Permissions.
5. Select the Microsoft Graph permissions. There are two distinct sets of permissions: Delegated and Application.
6. For use with Service Principal, specify Application permissions.
7. Select the permissions you require for your integration.

Client OAuth Flow With a Certificate

All permissions related to the client authentication flow require admin consent. This means the application embedded with the Microsoft Power BI XMLA connector cannot be used in the client authentication flow. You must create your own OAuth application in order to use client credentials, as described above. After your OAuth application is created:

1. Return to https://portal.azure.com.
2. Navigate to App Registration.
3. Find the application you just created.
4. Under API Permissions, select the Microsoft Graph permissions.
   There are two distinct sets of permissions: Delegated permissions and Application permissions. The permissions used during client credential authentication are under Application permissions
5. Select the permissions that apply to your particular integration.

OAuth Permissions and Endpoints

Required Permissions and Endpoint Domains for Microsoft Power BI XMLA

When integrating with Microsoft Power BI XMLA, your application needs specific permissions to interact with the API.

This topic provides information about the required OAuth permissions and endpoint domains for the Microsoft Power BI XMLA connector.

Understand Permissions

Microsoft Power BI XMLA does not use traditional OAuth scopes (like read, write, or admin) in the way that some APIs do. Instead, access is granted by assigning specific API permissions to your Microsoft Entra application registration.

These permissions fall into two categories:

• Delegated permissions are used when a signed-in user is present. The app acts on behalf of that user.
• Application permissions are used when no user is present. The app runs as itself, often as a background service or daemon.

Power BI XMLA only supports Application permissions. You must configure your OAuth application to request Application permissions, not Delegated permissions.

Required Permissions for Microsoft Power BI XMLA

Your OAuth application must request the following Application permissions from Microsoft Entra ID:

Understand Endpoint Domains

Endpoint domains are the specific URLs that the application needs to communicate with in order to authenticate, retrieve records, and perform other essential operations. Allowlisting these domains ensures that the network traffic between your application and the API is not blocked by firewalls or security settings.

Required Endpoint Domains for Microsoft Power BI XMLA

Retrieve PowerBI Data

Microsoft Power BI XMLA is an OLAP database that exposes data as cubes, which you query with MDX (multidimensional expressions). The connector models these cubes in relational views that you can query with SQL-92. The following mapping is for the layout of the model:

• Catalog - Displayed in the connector as a Catalog.
• Cube - Displayed in the connector as a Schema.
• Measure - Available in the connector under the special Measures view.
• Dimension - Each dimension is exposed as a view.
• Level - Each individual level of a hierarchy is exposed as a column on the appropriate dimension view.

Join Measures and Dimensions

In order to retrieve measures per specific level value, issue a join between the Measure view and any Dimension or set of dimensions. For example, issuing the following will retrieve the number of customers in each city:

SELECT m.[Customer Count], c.[City]
FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer AS c
INNER JOIN [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Measures AS m

Note that there is no ON condition necessary. That is because tables are already related appropriately in Microsoft Power BI XMLA. If you are using a tool that requires ON conditions, set IncludeJoinColumns to true. This will append a number of foreign key columns to each view which will relate them to one another another. These columns will not return data on their own, but may be picked up on automatically with tools to construct the ON conditions for joins where needed.

Aggregate Data

Data stored in Microsoft Power BI XMLA is already aggregated. In many cases, attempting to retrieve an aggregate may be syntactically equivalent to not specifying anything. For example, the following query will return the exact same data as the previous:

SELECT SUM(m.[Customer Count]), c.[City]
FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer AS c
INNER JOIN [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Measures AS m
GROUP BY c.[City]

The exception to this rule is when an aggregation of filtered results is requested. In such cases, a calculation will be requested from Microsoft Power BI XMLA. For example, to calculate the sum and average of customers in France and Germany:

SELECT SUM(m.[Customer Count]), AVG(m.[Customer Count]), c.[Country]
FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer AS c
INNER JOIN [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Measures AS m
WHERE c.[Country] IN ('France', 'Germany')
GROUP BY c.[Country]

Select Multiple Hierarchies

In Microsoft Power BI XMLA, individual dimensions are made up of hierarchies which may have one or more levels. For instance, the AdventureWorks Customers table has City, Country and Gender. City and Country are part of the same hierarchy while Gender is its own hierarchy.

When selecting multiple hierarchies, the method to support this is to cross join the values in MDX. While not obvious from a relational table model of the data as the connector presents, this can cause for very expensive queries to be executed. For example, executing the following:

SELECT c.[Country], m.[Customer Count]
FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer AS c
INNER JOIN [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Measures AS m

Will result in 6 rows. However, selecting Gender as well:

SELECT c.[Country], c.[Gender], m.[Customer Count]
FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer AS c
INNER JOIN [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Measures AS m

Will now result in 12 rows. It is because Gender and Country are on different hierarchies, thus a crossjoin is required in order to return both together. Each additional hierarchy added to the SELECT will multiply the total results by the number of available values in that hierarchy. Thus to get a count of how many rows to expect, one can execute the following:

SELECT (COUNT(c.[Country])*COUNT(c.[Gender])) AS totalrows
FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer AS c 

Response Row Limit

Due to how selecting multiple hierarchies will multiply the total number of result rows, it is possible to balloon the number of response rows very quickly, which will result in timeouts. In order to try and give some visibility into what queries will be very expensive, the ResponseRowLimit connection property has been added as a mechanism to guide users into an ideal configuration. When set, it will calculate how many rows to expect before any query is executed. If the number of predicted rows exceeds the limit, an error will be thrown indicating how many rows to expect back with the query.

It is recommended to select only the columns required or to apply a WHERE criteria. Both can significantly reduce the number of response rows, which will have a huge impact on performance. If you are already familiar with the connector and what queries may be expensive, ResponseRowLimit may be disabled by setting it to 0.

Fine-Tuning Data Access

Fine Tuning Data Access

The following are properties that allow for more granular control over data access:

• UseMDX: Indicates if MDX queries are being submitted. By default this is false, which will cause the driver to accept only SQL-92 compliant queries. Setting this property to true will cause all queries to be passed through directly to Microsoft Power BI XMLA.

• ExtraProperties: Additional properties to submit along with an MDX query. Only meaningful if UseMDX is true.

• IncludeJoinColumns: Boolean indicating if extra columns used to make ON conditions with joins should be added.

  These do not come back with any values - they are added purely to enable tools that require them in order to automatically set up relationships between tables when creating joins.

• ResponseRowLimit: Sets a calculated limit on the number of rows to allow the user to select before returning an error.

  Because queries are being translated to MDX, selecting only a few columns may exponentially multiply the number of expected results.

  For this reason, ResponseRowLimit is available to try and give some guidance on what types of queries are likely to result in a Timeout. May be disabled by setting to 0.

Connection Troubleshooting

If authentication succeeds but data isn't returned, or if you encounter errors when trying to access metadata or workspaces, check the following:

Blank Dataset Previews or No Tables Returned

• Ensure your AzureTenant value is correct — it must match the tenant ID (GUID or verified domain) where your Power BI workspace resides.
• Confirm that the Power BI workspace is backed by a Premium capacity. Non-premium workspaces are not accessible over the XMLA endpoint.
• If using a Service Principal, it must be assigned as an admin to the workspace. Viewer or Contributor roles are not sufficient.

OAuth Token Refresh Issues

• If you receive token expiration errors, confirm that InitiateOAuth is set to REFRESH after the initial token exchange.
• Check that OAuthSettingsLocation points to a file the driver can read and write, especially in headless environments.
• Refresh tokens may expire or be revoked; if this occurs, you must repeat the full OAuth flow.

Miss Admin Consent or Misconfigured Permissions

• Review your application's permissions under API Permissions in the Entra admin center.
• If your app uses Application permissions, an administrator must grant tenant-wide consent.
• Missing permissions (Dataset.Read.All) or incorrect permission types (Delegated vs. Application) can cause silent failures.

AzureTenant Issues

• If the tenant ID is missing or incorrect, authentication may succeed but no data will be available.
• You can use either the GUID or the verified domain name of the tenant, but they must match the tenant where your workspace is hosted.

Delays in Permission Propagation

• After assigning a role (for example, Service Principal access to a workspace), it may take several minutes for permissions to propagate.
• If your app was just registered or updated, wait a few minutes and retry the connection.

Important Notes

Configuration Files and Their Paths

• All references to adding configuration files and their paths refer to files and locations on the Jitterbit agent where the connector is installed. These paths are to be adjusted as appropriate depending on the agent and the operating system. If multiple agents are used in an agent group, identical files will be required on each agent.

Advanced Features

This section details a selection of advanced features of the Microsoft Power BI XMLA connector.

User Defined Views

The connector supports the use of user defined views, virtual tables whose contents are decided by a pre-configured user defined query. These views are useful when you cannot directly control queries being issued to the drivers. For an overview of creating and configuring custom views, see User Defined Views.

SSL Configuration

Use SSL Configuration to adjust how connector handles TLS/SSL certificate negotiations. You can choose from various certificate formats. For further information, see the SSLServerCert property under "Connection String Options".

Proxy

To configure the connector using private agent proxy settings, select the Use Proxy Settings checkbox on the connection configuration screen.

Query Processing

The connector offloads as much of the SELECT statement processing as possible to Microsoft Power BI XMLA and then processes the rest of the query in memory (client-side).

For further information, see Query Processing.

Log

For an overview of configuration settings that can be used to refine logging, see Logging. Only two connection properties are required for basic logging, but there are numerous features that support more refined logging, which enables you to use the LogModules connection property to specify subsets of information to be logged.

User Defined Views

The Microsoft Power BI XMLA connector supports the use of user defined views: user-defined virtual tables whose contents are decided by a preconfigured query. User defined views are useful in situations where you cannot directly control the query being issued to the driver; for example, when using the driver from Jitterbit.

Use a user defined view to define predicates that are always applied. If you specify additional predicates in the query to the view, they are combined with the query already defined as part of the view.

There are two ways to create user defined views:

• Create a JSON-formatted configuration file defining the views you want.
• DDL statements.

Define Views Using a Configuration File

User defined views are defined in a JSON-formatted configuration file called UserDefinedViews.json. The connector automatically detects the views specified in this file.

You can also have multiple view definitions and control them using the UserDefinedViews connection property. When you use this property, only the specified views are seen by the connector.

This user defined view configuration file is formatted so that each root element defines the name of a view, and includes a child element, called query, which contains the custom SQL query for the view.

For example:

{
    "MyView": {
        "query": "SELECT * FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer WHERE MyColumn = 'value'"
    },
    "MyView2": {
        "query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
    }
}

Use the UserDefinedViews connection property to specify the location of your JSON configuration file. For example:

"UserDefinedViews", "C:\Users\yourusername\Desktop\tmp\UserDefinedViews.json"

Define Views Using DDL Statements

The connector is also capable of creating and altering the schema via DDL Statements such as CREATE LOCAL VIEW, ALTER LOCAL VIEW, and DROP LOCAL VIEW.

Create a View

To create a new view using DDL statements, provide the view name and query as follows:

CREATE LOCAL VIEW [MyViewName] AS SELECT * FROM Customers LIMIT 20;

If no JSON file exists, the above code creates one. The view is then created in the JSON configuration file and is now discoverable. The JSON file location is specified by the UserDefinedViews connection property.

Alter a View

To alter an existing view, provide the name of an existing view alongside the new query you would like to use instead:

ALTER LOCAL VIEW [MyViewName] AS SELECT * FROM Customers WHERE TimeModified > '3/1/2020';

The view is then updated in the JSON configuration file.

Drop a View

To drop an existing view, provide the name of an existing schema alongside the new query you would like to use instead.

DROP LOCAL VIEW [MyViewName]

This removes the view from the JSON configuration file. It can no longer be queried.

Schema for User Defined Views

In order to avoid a view's name clashing with an actual entity in the data model, user defined views are exposed in the UserViews schema by default. To change the name of the schema used for UserViews, reset the UserViewsSchemaName property.

Work with User Defined Views

For example, a SQL statement with a user defined view called UserViews.RCustomers only lists customers in Raleigh:

SELECT * FROM Customers WHERE City = 'Raleigh';

An example of a query to the driver:

SELECT * FROM UserViews.RCustomers WHERE Status = 'Active';

Resulting in the effective query to the source:

SELECT * FROM Customers WHERE City = 'Raleigh' AND Status = 'Active';

That is a very simple example of a query to a user defined view that is effectively a combination of the view query and the view definition. It is possible to compose these queries in much more complex patterns. All SQL operations are allowed in both queries and are combined when appropriate.

SSL Configuration

Customize the SSL Configuration

By default, the connector attempts to negotiate TLS with the server. The server certificate is validated against the default system trusted certificate store. You can override how the certificate gets validated using the SSLServerCert connection property.

To specify another certificate, see the SSLServerCert connection property.

Data Model

The Microsoft Power BI XMLA connector models dimensions as tables, cubes as schemas, and a combination of the Workspace and DataSet Catalog as the Catalog. Live connectivity to these objects means any changes to your Microsoft Power BI XMLA account are immediately reflected when using the connector.

Notes:

• You can connect the connector to multiple Workspaces simultaneously by supplying a comma-separated list of Workspaces in the Workspace property. The result is that each Workspace shows up in the Catalogs as WorkspaceName_CatalogName.
• The connector models Microsoft Power BI XMLA entities like documents, folders, and groups as relational views, which allows you to write SQL to query Microsoft Power BI XMLA data.

Measure Attributes

By default, all measure attributes are listed in a 'Measures' view. However, you can set SplitMeasures to 'true' to split the measures view. The result is that each measure attribute is included in its respective view based on the Measure Group value. Further classification based on 'Measure Directories' is not included.

Stored Procedures

Stored Procedures are actions that are invoked via SQL queries. They perform tasks beyond standard CRUD operations, including downloading documents and moving envelopes.

Stored Procedures

Stored procedures are function-like interfaces that extend the functionality of the connector beyond simple SELECT operations with Microsoft Power BI XMLA.

Stored procedures accept a list of parameters, perform their intended function, and then return any relevant response data from Microsoft Power BI XMLA, along with an indication of whether the procedure succeeded or failed.

Microsoft Power BI XMLA Connector Stored Procedures

GetAdminConsentURL

Retrieves the admin consent URL, which must be opened by an administrator of the specified domain to grant your application access. This is required only when using custom OAuth credentials.

Input

Result Set Columns

GetOAuthAccessToken

Fetches the OAuth Access Token, which is used to authenticate and authorize API calls made to Power BI XMLA.

Input

Result Set Columns

GetOAuthAuthorizationUrl

Retrieves the OAuth authorization URL, allowing the client to direct the user's browser to the authorization server and initiate the OAuth process.

Input

Result Set Columns

RefreshOAuthAccessToken

Refreshes an expired OAuth access token to maintain continuous authenticated access to Power BI XMLA resources without requiring reauthorization from the user.

Input

Result Set Columns

System Tables

You can query the system tables described in this section to access schema information, information on data source functionality, and batch operation statistics.

Schema Tables

The following tables return database metadata for Microsoft Power BI XMLA:

• sys_catalogs: Lists the available databases.
• sys_schemas: Lists the available schemas.
• sys_tables: Lists the available tables and views.
• sys_tablecolumns: Describes the columns of the available tables and views.
• sys_procedures: Describes the available stored procedures.
• sys_procedureparameters: Describes stored procedure parameters.
• sys_keycolumns: Describes the primary and foreign keys.
• sys_indexes: Describes the available indexes.

Data Source Tables

The following tables return information about how to connect to and query the data source:

• sys_connection_props: Returns information on the available connection properties.
• sys_sqlinfo: Describes the SELECT queries that the connector can offload to the data source.

Query Information Tables

The following table returns query statistics for data modification queries:

• sys_identity: Returns information about batch operations or single updates.

sys_catalogs

Lists the available databases.

The following query retrieves all databases determined by the connection string:

SELECT * FROM sys_catalogs

Columns

sys_schemas

Lists the available schemas.

The following query retrieves all available schemas:

SELECT * FROM sys_schemas

Columns

sys_tables

Lists the available tables.

The following query retrieves the available tables and views:

SELECT * FROM sys_tables

Columns

sys_tablecolumns

Describes the columns of the available tables and views.

The following query returns the columns and data types for the [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer table:

SELECT ColumnName, DataTypeName FROM sys_tablecolumns WHERE TableName='Customer' AND CatalogName='AdventureWorksDW2012Multidimensional-SE' AND SchemaName='Adventure Works'

Columns

sys_procedures

Lists the available stored procedures.

The following query retrieves the available stored procedures:

SELECT * FROM sys_procedures

Columns

sys_procedureparameters

Describes stored procedure parameters.

The following query returns information about all of the input parameters for the SelectEntries stored procedure:

SELECT * FROM sys_procedureparameters WHERE ProcedureName = 'SelectEntries' AND Direction = 1 OR Direction = 2

To include result set columns in addition to the parameters, set the IncludeResultColumns pseudo column to True:

SELECT * FROM sys_procedureparameters WHERE ProcedureName = 'SelectEntries' AND IncludeResultColumns='True'

Columns

Pseudo-Columns

sys_keycolumns

Describes the primary and foreign keys.

The following query retrieves the primary key for the [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer table:

SELECT * FROM sys_keycolumns WHERE IsKey='True' AND TableName='Customer' AND CatalogName='AdventureWorksDW2012Multidimensional-SE' AND SchemaName='Adventure Works'

Columns

sys_foreignkeys

Describes the foreign keys.

The following query retrieves all foreign keys which refer to other tables:

SELECT * FROM sys_foreignkeys WHERE ForeignKeyType = 'FOREIGNKEY_TYPE_IMPORT'

Columns

sys_primarykeys

Describes the primary keys.

The following query retrieves the primary keys from all tables and views:

SELECT * FROM sys_primarykeys

Columns

sys_indexes

Describes the available indexes. By filtering on indexes, you can write more selective queries with faster query response times.

The following query retrieves all indexes that are not primary keys:

SELECT * FROM sys_indexes WHERE IsPrimary='false'

Columns

sys_connection_props

Returns information on the available connection properties and those set in the connection string.

The following query retrieves all connection properties that have been set in the connection string or set through a default value:

SELECT * FROM sys_connection_props WHERE Value <> ''

Columns

sys_sqlinfo

Describes the SELECT query processing that the connector can offload to the data source.

Discovering the Data Source's SELECT Capabilities

Below is an example data set of SQL capabilities. Some aspects of SELECT functionality are returned in a comma-separated list if supported; otherwise, the column contains NO.

The following query retrieves the operators that can be used in the WHERE clause:

SELECT * FROM sys_sqlinfo WHERE Name = 'SUPPORTED_OPERATORS'

Note that individual tables may have different limitations or requirements on the WHERE clause; refer to the Data Model section for more information.

Columns

sys_identity

Returns information about attempted modifications.

The following query retrieves the Ids of the modified rows in a batch operation:

SELECT * FROM sys_identity

Columns

sys_information

Describes the available system information.

The following query retrieves all columns:

SELECT * FROM sys_information

Columns

Advanced Configurations Properties

The advanced configurations properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure. Click the links for further details.

Authentication

Azure Authentication

OAuth

JWT OAuth

SSL

Schema

Miscellaneous

Authentication

This section provides a complete list of authentication properties you can configure.

AuthScheme

The type of authentication to use when connecting to Microsoft Power BI XMLA.

Possible Values

Microsoft Entra ID, AzureServicePrincipal, AzureServicePrincipalCert

Data Type

string

Default Value

Microsoft Entra ID

Remarks

Use this property to select the authentication flow that matches your environment and deployment scenario. This setting determines how the driver acquires OAuth credentials for accessing Microsoft Power BI XMLA.

• Microsoft Entra ID: Use for interactive, user-based authentication with Microsoft Entra ID (formerly Microsoft Entra ID). Best for desktop applications, development environments, or any scenario where a user logs in through a browser. Supports embedded and custom OAuth applications. For step-by-step instructions, see Establishing a Connection and Creating a Service Principal App in Entra ID.
• AzureServicePrincipal: Use for non-interactive, automated authentication using a service principal and client credentials (client ID + secret). Recommended for CI/CD, ETL, or server-based deployments. To configure this method, see Creating a Service Principal App in Entra ID.
• AzureServicePrincipalCert: Use for service principal authentication with a certificate, typically in security-sensitive or compliance-focused environments. This method requires a registered Microsoft Entra ID application (formerly Microsoft Entra ID application) and a valid client certificate. To configure certificate-based auth, see the “Client OAuth Flow With a Certificate” section in Creating a Service Principal App in Entra ID.

Azure Authentication

This section provides a complete list of Azure authentication properties you can configure.

AzureTenant

Identifies the Microsoft Power BI XMLA tenant being used to access data. Accepts either the tenant's domain name (for example, contoso.onmicrosoft.com) or its directory (tenant) ID.

Data Type

string

Default Value

""

Remarks

A tenant is a digital container for your organization's users and resources, managed through Microsoft Entra ID (formerly Microsoft Entra ID). Each tenant is associated with a unique directory ID, and often with a custom domain (for example, microsoft.com or contoso.onmicrosoft.com).

You can locate the directory (tenant) ID in the Microsoft Entra admin center by navigating to Microsoft Entra ID > Properties and copying the value labeled "Directory (tenant) ID".

This property is required in the following cases:

• When AuthScheme is set to AzureServicePrincipal or AzureServicePrincipalCert
• When AuthScheme is Microsoft Entra ID and the user account belongs to multiple tenants

You can provide the tenant value in one of two formats:

• A domain name (for example, contoso.onmicrosoft.com)
• A directory (tenant) ID in GUID format (for example, c9d7b8e4-1234-4f90-bc1a-2a28e0f9e9e0)

Specifying the tenant explicitly ensures that the authentication request is routed to the correct directory, which is especially important when a user belongs to multiple tenants or when using service principal–based authentication.

If this value is omitted when required, authentication may fail or connect to the wrong tenant. This can result in errors such as unauthorized or resource not found.

AzureEnvironment

The Azure Environment to use when establishing a connection.

Possible Values

GLOBAL, CHINA, USGOVT, USGOVTDOD, USGOVTHIGH

Data Type

string

Default Value

GLOBAL

Remarks

Required if your Azure account is part of a different network than the Global network, such as China, USGOVT, or USGOVTDOD.

In most cases, leaving the environment set to global will work. However, if your Azure Account has been added to a different environment, the AzureEnvironment may be used to specify which environment. The available values are GLOBAL, USGOVT, USGOVTHIGH, USGOVTDOD.

OAuth

This section provides a complete list of OAuth properties you can configure.

InitiateOAuth

Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working.

Possible Values

OFF, REFRESH, GETANDREFRESH

Data Type

string

Default Value

OFF

Remarks

OAuth is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. The OAuth flow defines the method to be used for logging in users, exchanging their credentials for an OAuth access token to be used for authentication, and providing limited access to applications.

Microsoft Power BI XMLA supports the following options for initiating OAuth access:

1. OFF: No automatic OAuth flow initiation. The OAuth flow is handled entirely by the user, who will take action to obtain their OAuthAccessToken. Note that with this setting the user must refresh the token manually and reconnect with an updated OAuthAccessToken property when the current token expires.
2. GETANDREFRESH: The OAuth flow is handled entirely by the connector. If a token already exists, it is refreshed when necessary. If no token currently exists, it will be obtained by prompting the user to login.
3. REFRESH: The user handles obtaining the OAuth Access Token and sets up the sequence for refreshing the OAuth Access Token. (The user is never prompted to log in to authenticate. After the user logs in, the connector handles the refresh of the OAuth Access Token.

OAuthClientId

Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication.

Data Type

string

Default Value

""

Remarks

This property is required when using a custom OAuth application, such as in web-based authentication flows, service-based authentication, or certificate-based flows that require application registration. It is also required if an embedded OAuth application is not available for the driver. When an embedded OAuth application is available, this value may already be provided by the connector and not require manual entry.

This value is generally used alongside other OAuth-related properties such as OAuthClientSecret and OAuthSettingsLocation when configuring an authenticated connection.

OAuthClientId is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can typically find this value in your identity provider’s application registration settings. Look for a field labeled Client ID, Application ID, or Consumer Key.

While the client ID is not considered a confidential value like a client secret, it is still part of your application's identity and should be handled carefully. Avoid exposing it in public repositories or shared configuration files.

OAuthClientSecret

Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server.

Data Type

string

Default Value

""

Remarks

This property is required when using a custom OAuth application in any flow that requires secure client authentication, such as web-based OAuth, service-based connections, or certificate-based authorization flows. It is not required when using an embedded OAuth application.

The client secret is used during the token exchange step of the OAuth flow, when the driver requests an access token from the authorization server. If this value is missing or incorrect, authentication will fail, and the server may return an invalid_client or unauthorized_client error.

OAuthClientSecret is one of the key connection parameters that need to be set before users can authenticate via OAuth. You can obtain this value from your identity provider when registering the OAuth application. It may be referred to as the client secret, application secret, or consumer secret.

This value should be stored securely and never exposed in public repositories, scripts, or unsecured environments. Client secrets may also expire after a set period. Be sure to monitor expiration dates and rotate secrets as needed to maintain uninterrupted access.

OAuthAccessToken

Specifies the OAuth access token used to authenticate requests to the data source. This token is issued by the authorization server after a successful OAuth exchange.

Data Type

string

Default Value

""

Remarks

The OAuthAccessToken is a temporary credential that authorizes access to protected resources. It is typically returned by the identity provider after the user or client application completes an OAuth authentication flow. This property is most commonly used in automated workflows or custom OAuth implementations where you want to manage token handling outside of the driver.

The OAuth access token has a server-dependent timeout, limiting user access. This is set using the OAuthExpiresIn property. However, it can be reissued between requests to keep access alive as long as the user keeps working.

If InitiateOAuth is set to REFRESH, we recommend that you also set both OAuthExpiresIn and OAuthTokenTimestamp. The connector uses these properties to determine when the token expires so it can refresh most efficiently. If OAuthExpiresIn and OAuthTokenTimestamp are not specified, the connector refreshes the token immediately.

Access tokens should be treated as sensitive credentials and stored securely. Avoid exposing them in logs, scripts, or configuration files that are not access-controlled.

OAuthSettingsLocation

Specifies the location of the settings file where OAuth values are saved. Storing OAuth settings in a central location avoids the need for users to enter OAuth connection properties manually each time they log in. It also enables credentials to be shared across connections or processes.

Data Type

string

Default Value

%APPDATA%\PowerBIXMLA Data Provider\OAuthSettings.txt

Remarks

You can store OAuth values in a central file for shared access to those values, in either of the following ways:

• Set InitiateOAuth to either GETANDREFRESH or REFRESH and specify a filepath to the OAuth settings file.
• Use memory storage to load the credentials into static memory.

The following sections provide more detail on each of these methods.

Specifying the OAuthSettingsLocation Filepath

The default OAuth setting location is %APPDATA%\PowerBIXMLA Data Provider\OAuthSettings.txt, with %APPDATA% set to the user's configuration directory.

Default values vary, depending on the user's operating system.

• Windows (ODBC and Power BI): registry://%DSN%
• Windows: %APPDATA%PowerBIXMLA Data Provider\OAuthSettings.txt
• Mac: %APPDATA%//PowerBIXMLA Data Provider/OAuthSettings.txt
• Linux: %APPDATA%//PowerBIXMLA Data Provider/OAuthSettings.txt

Loading Credentials Via Memory Storage

Memory locations are specified by using a value starting with memory://, followed by a unique identifier for that set of credentials (for example, memory://user1). The identifier can be anything you choose, but it should be unique to the user.

Unlike file-based storage, where credentials persist across connections, memory storage loads the credentials into static memory and the credentials are shared between connections using the same identifier for the life of the process. To persist credentials outside the current process, you must manually store the credentials prior to closing the connection. This enables you to set them in the connection when the process is started again.

To retrieve OAuth property values, query the sys_connection_props system table. If there are multiple connections using the same credentials, the properties are read from the previously closed connection.

Supported Storage Types

• memory://: Stores OAuth tokens in-memory (unique identifier, shared within same process, etc.)
• registry://: Only supported in the Windows ODBC and Power BI editions. Stores OAuth tokens in the registry under the DSN settings. Must end in a DSN name like registry://Microsoft Power BI XMLA connector Data Source, or registry://%DSN%.
• %DSN%: The name of the DSN you are connecting with.
• Default (no prefix): Stores OAuth tokens within files. The value can be either an absolute path, or a path starting with %APPDATA% or %PROGRAMFILES%.

CallbackURL

Identifies the URL users return to after authenticating to Microsoft Power BI XMLA via OAuth. (Custom OAuth applications only.).

Data Type

string

Default Value

""

Remarks

If you created a custom OAuth application, the OAuth authorization server redirects the user to this URL during the authentication process. This value must match the callback URL you specified when you Configured the custom OAuth application.

OAuthVerifier

Specifies a verifier code returned from the OAuthAuthorizationURL. Used when authenticating to OAuth on a headless server, where a browser can't be launched. Requires both OAuthSettingsLocation and OAuthVerifier to be set.

Data Type

string

Default Value

""

OAuthRefreshToken

Specifies the OAuth refresh token used to request a new access token after the original has expired.

Data Type

string

Default Value

""

Remarks

The refresh token is used to obtain a new access token when the current one expires. It enables seamless authentication for long-running or automated workflows without requiring the user to log in again. This property is especially important in headless, CI/CD, or server-based environments where interactive authentication is not possible.

The refresh token is typically obtained during the initial OAuth exchange by calling the GetOAuthAccessToken stored procedure. After that, it can be set using this property to enable automatic token refresh, or passed to the RefreshOAuthAccessToken stored procedure if you prefer to manage the refresh manually.

When InitiateOAuth is set to REFRESH, the driver uses this token to retrieve a new access token automatically. After the first refresh, the driver saves updated tokens in the location defined by OAuthSettingsLocation, and uses those values for subsequent connections.

The OAuthRefreshToken should be handled securely and stored in a trusted location. Like access tokens, refresh tokens can expire or be revoked depending on the identity provider’s policies.

OAuthExpiresIn

Specifies the duration in seconds, of an OAuth Access Token's lifetime. The token can be reissued to keep access alive as long as the user keeps working.

Data Type

string

Default Value

""

Remarks

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthExpiresIn is the number of seconds the token is valid from when it was created. For example, a token generated at 2024-01-29 20:00:00 UTC that expires at 2024-01-29 21:00:00 UTC (an hour later) would have an OAuthExpiresIn value of 3600, no matter what the current time is.

To determine how long the user has before the Access Token will expire, use OAuthTokenTimestamp.

OAuthTokenTimestamp

Displays a Unix epoch timestamp in milliseconds that shows how long ago the current Access Token was created.

Data Type

string

Default Value

""

Remarks

The OAuth Access Token is assigned to an authenticated user, granting that user access to the network for a specified period of time. The access token is used in place of the user's login ID and password, which stay on the server.

An access token created by the server is only valid for a limited time. OAuthTokenTimestamp is the Unix timestamp when the server created the token. For example, OAuthTokenTimestamp=1706558400 indicates the OAuthAccessToken was generated by the server at 2024-01-29 20:00:00 UTC.

JWT OAuth

This section provides a complete list of JWT OAuth properties you can configure.

OAuthJWTCert

Supplies the name of the client certificate's JWT Certificate store.

Data Type

string

Default Value

""

Remarks

The OAuthJWTCertType field specifies the type of the certificate store specified in OAuthJWTCert. If the store is password-protected, use OAuthJWTCertPassword to supply the password..

OAuthJWTCert is used in conjunction with the OAuthJWTCertSubject field in order to specify client certificates.

If OAuthJWTCert has a value, and OAuthJWTCertSubject is set, the Microsoft Power BI XMLA connector initiates a search for a certificate. For further information, see OAuthJWTCertSubject.

Designations of certificate stores are platform-dependent.

Notes

• The most common User and Machine certificate stores in Windows include:

  • MY: A certificate store holding personal certificates with their

    associated private keys.

  • CA: Certifying authority certificates.

  • ROOT: Root certificates.

  • SPC: Software publisher certificates.

  • In Java, the certificate store normally is a file containing certificates and optional private keys.
  • When the certificate store type is PFXFile, this property must be set to the name of the file.
  • When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

OAuthJWTCertType

Identifies the type of key store containing the JWT Certificate.

Possible Values

USER, MACHINE, PFXFILE, PFXBLOB, JKSFILE, JKSBLOB, PEMKEY_FILE, PEMKEY_BLOB, PUBLIC_KEY_FILE, PUBLIC_KEY_BLOB, SSHPUBLIC_KEY_FILE, SSHPUBLIC_KEY_BLOB, P7BFILE, PPKFILE, XMLFILE, XMLBLOB, BCFKSFILE, BCFKSBLOB

Data Type

string

Default Value

USER

Remarks

OAuthJWTCertPassword

Provides the password for the OAuth JWT certificate used to access a password-protected certificate store. If the certificate store does not require a password, leave this property blank.

Data Type

string

Default Value

""

Remarks

This property specifies the password needed to open a password-protected certificate store. To determine if a password is necessary, refer to the documentation or configuration for your specific certificate store.

OAuthJWTCertSubject

Identifies the subject of the OAuth JWT certificate used to locate a matching certificate in the store. Supports partial matches and the wildcard '*' to select the first certificate.

Data Type

string

Default Value

*

Remarks

The value of this property is used to locate a matching certificate in the store. The search process works as follows:

• If an exact match for the subject is found, the corresponding certificate is selected.
• If no exact match is found, the store is searched for certificates whose subjects contain the property value.
• If no match is found, no certificate is selected.

You can set the value to '*' to automatically select the first certificate in the store. The certificate subject is a comma-separated list of distinguished name fields and values. For example: CN=www.server.com, OU=test, C=US, E=example@jbexample.com. Common fields include:

If a field value contains a comma, enclose it in quotes. For example: "O=ACME, Inc.".

SSL

This section provides a complete list of SSL properties you can configure.

SSLClientCert

Specifies the TLS/SSL client certificate store for SSL Client Authentication (2-way SSL). This property works in conjunction with other SSL-related properties to establish a secure connection.

Data Type

string

Default Value

""

Remarks

This property specifies the client certificate store for SSL Client Authentication. Use this property alongside SSLClientCertType, which defines the type of the certificate store, and SSLClientCertPassword, which specifies the password for password-protected stores. When SSLClientCert is set and SSLClientCertSubject is configured, the driver searches for a certificate matching the specified subject.

Certificate store designations vary by platform. On Windows, certificate stores are identified by names such as MY (personal certificates), while in Java, the certificate store is typically a file containing certificates and optional private keys.

The following are designations of the most common User and Machine certificate stores in Windows:

For PFXFile types, set this property to the filename. For PFXBlob types, set this property to the binary contents of the file in PKCS12 format.

SSLClientCertType

Specifies the type of key store containing the TLS/SSL client certificate for SSL Client Authentication. Choose from a variety of key store formats depending on your platform and certificate source.

Possible Values

USER, MACHINE, PFXFILE, PFXBLOB, JKSFILE, JKSBLOB, PEMKEY_FILE, PEMKEY_BLOB, PUBLIC_KEY_FILE, PUBLIC_KEY_BLOB, SSHPUBLIC_KEY_FILE, SSHPUBLIC_KEY_BLOB, P7BFILE, PPKFILE, XMLFILE, XMLBLOB, BCFKSFILE, BCFKSBLOB

Data Type

string

Default Value

USER

Remarks

This property determines the format and location of the key store used to provide the client certificate. Supported values include platform-specific and universal key store formats. The available values and their usage are:

SSLClientCertPassword

Specifes the password required to access the TLS/SSL client certificate store. Use this property if the selected certificate store type requires a password for access.

Data Type

string

Default Value

""

Remarks

This property provides the password needed to open a password-protected certificate store. This property is necessary when using certificate stores that require a password for decryption, as is often recommended for PFX or JKS type stores.

If the certificate store type does not require a password, for example USER or MACHINE on Windows, this property can be left blank. Ensure that the password matches the one associated with the specified certificate store to avoid authentication errors.

SSLClientCertSubject

Specifes the subject of the TLS/SSL client certificate to locate it in the certificate store. Use a comma-separated list of distinguished name fields, such as CN=www.server.com, C=US. The wildcard * selects the first certificate in the store.

Data Type

string

Default Value

*

Remarks

This property determines which client certificate to load based on its subject. The connector searches for a certificate that exactly matches the specified subject. If no exact match is found, the connector looks for certificates containing the value of the subject. If no match is found, no certificate is selected.

The subject should follow the standard format of a comma-separated list of distinguished name fields and values. For example, CN=www.server.com, OU=Test, C=US. Common fields include the following:

SSLServerCert

Specifies the certificate to be accepted from the server when connecting using TLS/SSL.

Data Type

string

Default Value

""

Remarks

If using a TLS/SSL connection, this property can be used to specify the TLS/SSL certificate to be accepted from the server. Any other certificate that is not trusted by the machine is rejected.

This property can take the following forms:

If not specified, any certificate trusted by the machine is accepted.

Certificates are validated as trusted by the machine based on the System's trust store. The trust store used is the 'javax.net.ssl.trustStore' value specified for the system. If no value is specified for this property, Java's default trust store is used (for example, JAVA_HOME\lib\security\cacerts).

Use '*' to signify to accept all certificates. Note that this is not recommended due to security concerns.

Schema

This section provides a complete list of schema properties you can configure.

Location

Specifies the location of a directory containing schema files that define tables, views, and stored procedures. Depending on your service's requirements, this may be expressed as either an absolute path or a relative path.

Data Type

string

Default Value

%APPDATA%\PowerBIXMLA Data Provider\Schema

Remarks

The Location property is only needed if you want to either customize definitions (for example, change a column name, ignore a column, etc.) or extend the data model with new tables, views, or stored procedures.

If left unspecified, the default location is %APPDATA%\PowerBIXMLA Data Provider\Schema, where %APPDATA% is set to the user's configuration directory:

BrowsableSchemas

Optional setting that restricts the schemas reported to a subset of all available schemas. For example, BrowsableSchemas=SchemaA,SchemaB,SchemaC.

Data Type

string

Default Value

""

Remarks

Listing all available database schemas can take extra time, thus degrading performance. Providing a list of schemas in the connection string saves time and improves performance.

Tables

Optional setting that restricts the tables reported to a subset of all available tables. For example, Tables=TableA,TableB,TableC.

Data Type

string

Default Value

""

Remarks

Listing all available tables from some databases can take extra time, thus degrading performance. Providing a list of tables in the connection string saves time and improves performance.

If there are lots of tables available and you already know which ones you want to work with, you can use this property to restrict your viewing to only those tables. To do this, specify the tables you want in a comma-separated list. Each table should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Tables=TableA,[TableB/WithSlash],WithCatalog.WithSchema.`TableC With Space`.

Views

Optional setting that restricts the views reported to a subset of the available tables. For example, Views=ViewA,ViewB,ViewC.

Data Type

string

Default Value

""

Remarks

Listing all available views from some databases can take extra time, thus degrading performance. Providing a list of views in the connection string saves time and improves performance.

If there are lots of views available and you already know which ones you want to work with, you can use this property to restrict your viewing to only those views. To do this, specify the views you want in a comma-separated list. Each view should be a valid SQL identifier with any special characters escaped using square brackets, double-quotes or backticks. For example, Views=ViewA,[ViewB/WithSlash],WithCatalog.WithSchema.`ViewC With Space`.

Catalog

Specifies the Power BI workspace and dataset to use, combined into a single catalog name. For example, MyWorkspace_MyDataset. Leave this blank to search across all available workspaces and datasets.

Data Type

string

Default Value

""

Remarks

The connector combines each Power BI workspace and dataset into a single catalog name. The catalog name is constructed by appending the dataset name to the workspace name, separated by an underscore. For example, if the workspace is called MyWorkspace and the dataset is called MyDataset, the catalog name will be MyWorkspace_MyDataset. By default, the connector lists all workspaces and datasets as separate catalogs. You can query a specifc catalog by specifying a name or search for a table across all catalogs:

-- Use this specific catalog
SELECT ... FROM MyWorkspace_MyDataset.Model.MyDimension

-- Search for a catalog containing this table
SELECT ... FROM Model.MyDimension

When you enable UseMDX, set this property to route MDX queries to the correct workspace and dataset. The connector cannot automatically detect the workspace and dataset for MDX queries.

IncludeJoinColumns

Enable this property to add extra join columns to each table. These columns reference foreign keys for use in ON conditions when performing joins.

Data Type

bool

Default Value

false

Remarks

Set IncludeJoinColumns to true if your tool requires ON conditions or generates them automatically based on foreign key references. When enabled, the connector adds foreign key references to every table, even though these columns do not return any data. Their sole purpose is to provide references for ON conditions in join operations.

In Microsoft Power BI XMLA, dimensions and measures within tables are naturally related, so ON conditions are optional. The Microsoft Power BI XMLA connector supports joins without requiring these conditions.

Miscellaneous

This section provides a complete list of miscellaneous properties you can configure.

CustomHeaders

Specifies additional HTTP headers to append to the request headers created from other properties, such as ContentType and From. Use this property to customize requests for specialized or nonstandard APIs.

Data Type

string

Default Value

""

Remarks

Use this property to add custom headers to HTTP requests sent by the connector.

This property is useful when fine-tuning requests to interact with APIs that require additional or nonstandard headers. Headers must follow the format "header: value" as described in the HTTP specifications and each header line must be separated by the carriage return and line feed (CRLF) characters. Important: Use caution when setting this property. Supplying invalid headers may cause HTTP requests to fail.

ExposeMemberKeys

Enable this property to convert each level into a measure, which is a numeric value that supports calculations like summing, averaging, and other aggregations. By default, levels remain as String types, so they do not support direct calculations.

Data Type

bool

Default Value

false

Remarks

When you enable this property, the connector resolves each level to its key property, creating a measure with the level's DBType data type. This allows you to perform calculations on the measure, such as aggregations or mathematical operations. Use this property when you need to analyze levels numerically or include them in computations.

ExpressionInDescription

Enable this property to append measure expressions in the descriptions of measure columns. By default, the provider includes only remarks in measure column descriptions.

Data Type

bool

Default Value

false

Remarks

The connector uses remarks to generate descriptions for several types of entities, including dimensions, measures, measure groups, and hierarchies. This property provides additional context for understanding the calculation logic of measures without modifying the descriptions of non-measure entities. Set this to true to improve visibility into how measures are defined when expressions are essential for analysis.

ExtraProperties

Specifies additional properties to include in each MDX request sent to Microsoft Power BI XMLA. Use this property to customize the PropertiesList of the XMLA request when UseMDX is enabled.

Data Type

string

Default Value

""

Remarks

When you enable UseMDX, you can use the ExtraProperties connection property to add extra values to the PropertiesList in the XMLA request. Specify these properties as name=value pairs, separated by semicolons. For example: Catalog=MyCatalog;Cube=MyCube;.

You can retrieve a list of valid property names by executing the following query:

SELECT * FROM $System.DISCOVER_PROPERTIES

This property is useful for fine-tuning MDX requests to include custom parameters required by your specific Power BI environment.

MaxRows

Specifies the maximum rows returned for queries without aggregation or GROUP BY.

Data Type

int

Default Value

-1

Remarks

This property sets an upper limit on the number of rows the connector returns for queries that do not include aggregation or GROUP BY clauses. This limit ensures that queries do not return excessively large result sets by default.

When a query includes a LIMIT clause, the value specified in the query takes precedence over the MaxRows setting. If MaxRows is set to "-1", no row limit is enforced unless a LIMIT clause is explicitly included in the query.

This property is useful for optimizing performance and preventing excessive resource consumption when executing queries that could otherwise return very large datasets.

Other

Specifies additional hidden properties for specific use cases. These are not required for typical provider functionality. Use a semicolon-separated list to define multiple properties.

Data Type

string

Default Value

""

Remarks

This property allows advanced users to configure hidden properties for specialized scenarios. These settings are not required for normal use cases but can address unique requirements or provide additional functionality. Multiple properties can be defined in a semicolon-separated list.

Specify multiple properties in a semicolon-separated list.

Integration and Formatting

ResponseRowLimit

Specifies the maximum number of response rows allowed before triggering an error. Use 0 to remove the limit entirely. This property helps prevent performance issues caused by large queries.

Data Type

int

Default Value

100000

Remarks

Selecting a large number of columns can create multiple crossjoins when the query is translated into MDX, as required by Microsoft Power BI XMLA. Crossjoins often lead to very large response sets, which may time out or degrade performance. If the response exceeds the specified row limit, the connector triggers an error to alert you to the high cost of the query.

This property provides a safeguard against unintentionally expensive requests. If you know your queries will generate large responses and want to process them, you can increase the limit or set it to 0 to disable the restriction. However, use caution when setting a very high limit or removing the limit altogether, as it may lead to performance degradation or timeouts.

ShowHiddenEntities

Enable this property to include hidden dimensions, measures, and levels in query results. By default, the provider excludes entities marked as hidden.

Data Type

bool

Default Value

false

Remarks

By default, the connector omits dimensions, measures, and levels that Microsoft Power BI XMLA flags as hidden. Enabling this property allows you to query these entities, which may contain supplemental or advanced data not typically exposed in standard views.

This property is useful for users who need to access hidden metadata or perform advanced analyses involving non-visible entities. However, use caution when enabling this property, as hidden entities may be experimental, deprecated, or irrelevant to standard queries.

SplitMeasures

Enable this property to split the Measures table into individual tables and distribute measures into their respective dimension tables.

Data Type

bool

Default Value

false

Remarks

By default, the connector groups all measures into a single table called Measures. When you enable SplitMeasures, the connector reorganizes the measures in the following ways:

• Separate Tables for Measures-Only Groups: If a table contains only measures, the driver creates a dedicated table for those measures.
• Integration with Dimensions: The driver includes measures in their corresponding dimension tables if applicable.

This property is useful for creating a more intuitive schema layout when analyzing datasets with numerous measures and dimensions. Use this property with the SplitMeasuresOn property to control how measures are grouped into subtables based on attributes such as MeasureGroup or DisplayFolder.

SplitMeasuresOn

Specifies the priority for organizing measures into tables when SplitMeasures is enabled. Provide a comma-delimited list of attributes to determine the sorting order.

Data Type

string

Default Value

MeasureGroup

Remarks

The connector names the split-measure tables based on the first populated attribute in the list. Available attribute values include:

• MeasureGroup
• DisplayFolder

If none of the attributes in the list are populated for a measure, the connector places the measure in a generic Measures table. For example, setting SplitMeasures to MeasureGroup,DisplayFolder prioritizes grouping measures by their MeasureGroup. If the MeasureGroup attribute is not populated for a measure, the connector uses the DisplayFolder attribute as the fallback grouping method.

Timeout

Specifies the maximum time, in seconds, that the provider waits for a server response before throwing a timeout error. The default is 60 seconds. Set to 0 to disable the timeout.

Data Type

int

Default Value

60

Remarks

This property controls the maximum time, in seconds, that the connector waits for an operation to complete before canceling it. If the timeout period expires before the operation finishes, the connector cancels the operation and throws an exception.

The timeout applies to each individual communication with the server rather than the entire query or operation. For example, a query could continue running beyond the timeout value if each paging call completes within the timeout limit.

Setting this property to 0 disables the timeout, allowing operations to run indefinitely until they succeed or fail due to other conditions such as server-side timeouts, network interruptions, or resource limits on the server. Use this property cautiously to avoid long-running operations that could degrade performance or result in unresponsive behavior.

UseMDX

Enable this property to pass MDX queries directly to Microsoft Power BI XMLA. When disabled, the provider translates SQL-92 queries into operations on the modeled views.

Data Type

bool

Default Value

false

Remarks

This property determines whether the connector processes SQL-92 queries or passes MDX queries directly to Microsoft Power BI XMLA. By default, the driver allows SQL-92 SELECT queries to interact with views modeled by the driver. When you enable this property, the driver bypasses the SQL translation layer and sends MDX queries as-is to the XMLA endpoint.

This property is useful for advanced users familiar with MDX who need direct access to multidimensional queries for more granular or complex operations.

UserDefinedViews

Specifies a filepath to a JSON configuration file defining custom views. The provider automatically detects and uses the views specified in this file.

Data Type

string

Default Value

""

Remarks

This property allows you to define and manage custom views through a JSON-formatted configuration file called UserDefinedViews.json. These views are automatically recognized by the connector and enable you to execute custom SQL queries as if they were standard database views. The JSON file defines each view as a root element with a child element called "query", which contains the SQL query for the view. For example:

{
    "MyView": {
        "query": "SELECT * FROM [AdventureWorksDW2012Multidimensional-SE].[Adventure Works].Customer WHERE MyColumn = 'value'"
    },
    "MyView2": {
        "query": "SELECT * FROM MyTable WHERE Id IN (1,2,3)"
    }

}

You can define multiple views in a single file and specify the filepath using this property. For example: UserDefinedViews=C:\Path\To\UserDefinedViews.json. When you use this property, only the specified views are seen by the connector.

Refer to User Defined Views for more information.

Workspace

Specifies the Premium Power BI workspace(s) to connect to, using a comma-separated list of workspace names.

Data Type

string

Default Value

""

Remarks

This property is useful for narrowing the scope of queries to specific workspaces, optimizing performance, and focusing on relevant datasets. Use a comma-separated list of workspace names, ensuring they exactly match the case-sensitive names displayed in Power BI. Only Premium Workspaces are supported; standard workspaces are not compatible.

To find workspace names in Power BI, follow these steps:

1. Log in to Power BI.
2. Navigate to the Workspaces section in the left-hand panel.
3. Locate the exact name of the Premium Workspace(s) you want to connect to.
4. Use these names in the property configuration, ensuring they match exactly.

If no value is specified, the driver attempts to connect to all Premium Workspaces accessible to the user. While this can be helpful for exploring datasets, it may increase processing time due to the additional requests required to retrieve objects from all workspaces. For example, to connect to two Premium Workspaces named SalesAnalysis and MarketingReports, set the property as follows:

Workspace=SalesAnalysis,MarketingReports