In addition to configuring a Scheduled refresh, report server administrators can use the Manage page to modify the data source properties of a report. For example, Power BI reports based on Live connections to SQL Server Analysis Services (SSAS) models will attempt to access the SSAS source as the user viewing the report by default. However, assuming that the SSAS instance is installed on a separate machine than the Power BI Report Server, Kerberos Constrained Delegation (KCD) is required for this impersonation to function. To enable this data source connection without KCD, while still respecting any row-level security defined in the SSAS model, an administrator can modify the data source properties of the report.

In the following screenshot from the Manage report page, a specific user credential is specified for accessing an SSAS source: 

With the check mark option enabled as in the preceding screenshot, once a connection has been opened to the SSAS model via the credential specified (ATLASBrett Powell), the identity of the user viewing the report can be passed to the source. In this scenario, the credential specified should be a server administrator for the source SSAS instance, thus enabling row-level security to be applied to the user viewing the report. Information on the SSAS server administrator role and user impersonation via the EffectiveUserName property is included in the Live connections to Analysis Services Models section of Chapter 9, Managing the On-Premises Data Gateway. Additionally, the following URL contains information on KCD in Windows Server 2012 (http://bit.ly/2DMCKCj).