Returns the user's principal name of the currently logged in user.
- Returned Output: Text
- Library: PQL \ Common \ Identity
- Version: 2020.25.000
- Can be combined with and other PQL function throughout the application.
- It CANNOT be used with MDX or VBA functions. But it can be used on MDX-based content in other parts of the application.
- The function returns a text string of the user's principal name or UPN. UPN's are usually in the form email@example.com - which is often identical to the email address.
- The function response will change according to the type of authentication SSO source used. See below.
- UPN's are generally available when:
- they are manually supplied in the admin
- An Active Directory has been used as the authentication provider
- SAML/OpenID authentication has been used as the authentication provider.
- The function takes no inputs
- The function is often used to customize the way queries or formula's operate based on the user that is currently running a report or dashboard. It can also be used in driving member level security for data models - allowing a data model to be customized for each user logging into the application.
- Database / Internal Authentication: returns the username value
- LDAP / Active Directory: returns the proxy account value
- SAML / OpenID: returns the principal account value
Different Function types
- This function is like the MDX username function.
- The other "identity" functions can be used to secure and customize the analytics experience. For more see the UserName and the Proxy Account functions.
This example shows how to use the UserPrincipalNameAlt function to create a member object from a table called "security", on a column called "UPN".
If the logged in user was called "firstname.lastname@example.org", it would return a member with unique name [Security].[UPM].[John.Smith@abc.com]. If this was used in the member security settings for a model in the admin settings, it could be used to filter all the rows in the Security table of model, which in turn would secure the data for the entire model .
So if the security table showed that email@example.com matched up with USA, then this function would limit the entire data model to only show USA data.
An alternative to the above approach, would be to set security on the country table directly, using a non-empty function and the following use of the username method.
NonEmpty( AllMembers([customers].[Country]) , (StrToMember([Security].[UPN],UserPrincipalNameAlt())) )