Findings (6)
Security
IQ/MCP integration allows natural language queries against all data without RLS enforcement. Sensitive HR and Finance data accessible to all users.
→ Implement MCP tool-level authorization checks. Enforce RLS through the semantic model connection. Add audit logging for all IQ queries.
Data Quality
Models without measure/table descriptions cause IQ to generate incorrect DAX 23% of the time. Only 'Finance Consolidated' has full descriptions.
→ Add descriptions to all tables, columns, and measures in Sales Revenue, Marketing Attribution, and Supply Chain models.
Naming
Measures named 'Total' and 'Count' exist in multiple models. IQ cannot disambiguate without context, leading to wrong model selection.
→ Rename ambiguous measures with model prefix: 'Sales Total Revenue', 'HR Headcount Total'. Add synonyms for natural language mapping.
Performance
3 of 12 MCP tools time out when querying tables with >1M rows. The default 30s timeout is insufficient for complex aggregations.
→ Increase MCP tool timeout to 60s. Add pre-aggregated summary tables for common IQ queries. Cache frequent results.
User Experience
MCP tools return raw API errors to end users when queries fail. No friendly error messages or fallback behavior.
→ Add try/catch wrappers with user-friendly error messages. Implement fallback to suggest alternative queries.
Monitoring
No tracking of which IQ queries are asked, which succeed/fail, or which models are most queried.
→ Enable Application Insights integration. Log query text, model used, success/failure, and response time.
Recommendations
1. Add descriptions to all undocumented semantic models: biggest impact on IQ accuracy
2. Implement RLS enforcement through MCP tool authorization layer
3. Rename ambiguous measures with model-prefixed names
4. Increase MCP tool timeout and add pre-aggregated summary tables
5. Add error handling and friendly messages to all 12 MCP tools
6. Enable Application Insights for IQ query analytics